When SSL/TLS certificates first became standard for securing websites, it was common to install one and not think about it again for years. Those days are coming to an end. The CA/Browser Forum is set to make certificate renewals far more frequent than most organizations are used to. By March 2029, the maximum lifespan of a publicly trusted TLS certificate will drop to just 47 days. That’s less than two months between issuance and expiration, forcing site owners, developers, and IT teams to completely rethink how they approach renewals. This isn’t a small procedural update. It’s a shift that will alter certificate management from an occasional task into a continuous operational responsibility. The Shift in TLS Lifespans Historically, certificate lifetimes have steadily shrunk: Currently, the longest a TLS certificate can remain valid is 398 days. This change was implemented in 2020 for more frequent key rotation to improve security. Starting March 15, 2026, validity will shrink to 200 days. In March 2027, it drops again to 100 days, and finally, in March 2029, the maximum will be 47 days. Effective Date Max Validity Domain/IP Validation Reuse Before Mar 2026 398 days 398 days Mar 2026 200 days 200 days Mar […]
