Spider Designers

Moving to 199-day validity for public SSL/TLS certificates

The reduction of public SSL/TLS certificate validity to 200 days (199-day renewals) starting March 15, 2026 marks the first major step toward much shorter lifespans. This shift will dramatically increase renewal frequency and expose the limits of manual certificate management. Organizations that lack automation risk outages, compliance failures, and rising operational costs as the industry moves toward 100-day and ultimately 47-day certificates. Adopting automated certificate lifecycle management (CLM) now is critical to maintaining visibility, scalability, and digital trust resilience.

Digital certificate lifespans are shrinking, and this is no longer a distant threat. The first big shift arrives on March 15, 2026, when public SSL/TLS certificate validity periods will be reduced to just 200 days. This represents a steep drop from the previous 398-day validity period. These limits apply to newly issued certificates under the enforcement schedule.

This shift will accelerate renewal cycles and further complicate manual certificate management. As certificate lifespans shorten, renewal workloads essentially double as the new limits take effect, and organizations that lack automated solutions will struggle to keep up. Without changes to how certificates are managed, the risk of missed renewals and certificate expiration rises, which can lead to compliance failures and loss of customer trust.

These challenges intensify as the industry approaches the next milestone of 100-day validity periods in 2027, with further reductions ultimately reaching a 47-day maximum. Actions taken today can alleviate certificate management challenges as certificate lifespans continue to shrink. The most urgent and impactful measure to address growing risks? Adopting automated certificate lifecycle management (CLM).

In April 2025, the Certification Authority Browser Forum (CA/Browser Forum) approved Ballot SC-081v3. This proposal established a detailed schedule for reducing public SSL certificate validity periods. Encompassing phased certificate lifespan reductions, this measure followed a motion proposed by Apple and endorsed by major browser vendors and certificate authorities (CAs), including Google/Chrome, Mozilla, and Sectigo.

This shift reflects the growing recognition that extended certificate lifespans introduce elevated security risks. Longer lifespans increase risk exposure by extending vulnerability windows. These concerns are further compounded by the impending shift to post-quantum cryptography, which will require greater cryptographic agility across certificate environments. Shorter lifespans force organizations to shift from manual certificate management to automated solutions that enable quick key rotations and algorithm updates.

The upcoming SSL certificate validity timeline

The shift from 398-day lifespans to 47-day certificate renewals will not occur all at once. Instead, a phased rollout has been established, allowing organizations to adapt gradually as new phases introduce shorter validity periods.

Enforcement dates established by Ballot SC-081v3 include:

March 15, 2026 – 200-day maximum validity period: This represents the first major adjustment, cutting certificate lifespans in half. Renewals will now be required every 199 days. We suggest thinking of these as 6-month certificates, which pragmatically means renewing at the 180-day mark to allow for recovery time. At this point, enterprises that fail to implement automation will begin to feel the pressure. This phase still functions as a transition window, however, providing just enough time to improve certificate visibility and workflows before the next big shift arrives.

March 15, 2027 – 100-day maximum validity periods: With lifespans once again cut in half, manual certificate management will become unsustainable. Enterprises that failed to respond to the initial phase-down will likely face renewal backlogs and service reductions at this point. There will still be time to transition to automated certificate management and streamlined renewals, but delayed adoption will leave little room for error, making this transition feel operationally urgent or even rushed.

March 15, 2029 – 47-day maximum validity periods: The big deadline arrives in 2029, when certificates with a maximum validity of 47 days take effect. Ideally, enterprises will be well-prepared, having already seamlessly adjusted to 200-day and then 100-day lifespans. Supported by certificate authorities and centralized, automated certificate management, fully prepared organizations can expect a seamless transition. Those that continue to rely on manual processes will face relentless operational pressure, inevitable human error, and urgent security threats.

With each new phase comes an increase in renewal frequencies. This reduces the margin for delay, rendering manual oversight less effective as we reach new stages in this rollout.
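The renewal cadence implied by the schedule above, as an added example that is not part of the original article: it applies the enforcement dates listed here to a certificate's issuance date, flags lifetimes over the limit, and simulates one certificate's renewal chain through 2029. The 90% renewal point extends the article's 180-of-200-day suggestion to the later phases and is an assumption, as are all function names; day arithmetic is simplified to whole calendar dates.

```python
from datetime import date, timedelta

# Enforcement dates and maximum validity (days) as stated in this article.
SCHEDULE = [(date(2026, 3, 15), 200), (date(2027, 3, 15), 100), (date(2029, 3, 15), 47)]
PREVIOUS_MAX = 398  # limit for certificates issued before the first phase

def max_validity_days(issued: date) -> int:
    """Limit that applies to a certificate issued on `issued` (limits bind at issuance)."""
    limit = PREVIOUS_MAX
    for effective, days in SCHEDULE:
        if issued >= effective:
            limit = days
    return limit

def excess_days(not_before: date, not_after: date) -> int:
    """Days by which a certificate's lifetime exceeds its limit (0 if within it)."""
    lifetime = (not_after - not_before).days
    return max(0, lifetime - max_validity_days(not_before))

def plan_renewals(first_issue: date, horizon: date, renew_pct: int = 90):
    """Simulate one certificate's renewal chain up to `horizon`.

    Assumption: each certificate is replaced at renew_pct% of the limit in
    force when it was issued (180 days for the 200-day phase).
    Returns a list of (issued, renew_on) pairs.
    """
    plan, issued = [], first_issue
    while issued < horizon:
        renew_on = issued + timedelta(days=max_validity_days(issued) * renew_pct // 100)
        plan.append((issued, renew_on))
        issued = renew_on
    return plan

def renewals_per_year(plan):
    """Count renewals (every issuance after the first) per calendar year."""
    counts = {}
    for issued, _ in plan[1:]:
        counts[issued.year] = counts.get(issued.year, 0) + 1
    return counts

if __name__ == "__main__":
    # Constructed sample: one certificate first issued on the day the 200-day limit starts.
    plan = plan_renewals(date(2026, 3, 15), date(2030, 1, 1))
    for year, n in sorted(renewals_per_year(plan).items()):
        print(year, n)
    # A 398-day certificate issued after the cutoff is over the limit.
    print(excess_days(date(2026, 3, 20), date(2026, 3, 20) + timedelta(days=398)))
```

Multiplying the per-year counts by the number of certificates in an inventory gives a rough renewal workload for each phase.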