SSL/TLS Certificate - Lifespan reduction for TLS certificates

The CA/Browser (CA/B) Forum ballot has endorsed to reduce the maximum validity term of SSL/TLS certificates to 47 days by 2029.

For those manually renewing certificates, we highly recommend Automated Certificate Management Environment (ACME) protocol.

It simplifies and automates the process of issuing, renewing, and revoking SSL/TLS certificates. Utilizing ACME is a recommended method for efficient certificate life-cycle management, minimizing human error and preventing certificate expiration.

The approved measure will gradually reduce certificate lifespans from the current 398 days through a phased approach:

March 15, 2026: The maximum lifespan for many certificates will be reduced to 200 days.

December 31, 2026: Reduction to 90 days, as a result of CertiNext's implementation of Google Chrome's policies around intermediate Certificate Authorities.

March 15, 2027: Further reduction to 100 days.

March 15, 2029: The maximum lifespan will be reduced to 47 days.

Questions? Contact servercertificates@doit.wisc.edu

Keywords:

server certificates ssl tls incommon comodo sectigo ACME automation lifespan lifetime time CA/Browser (CA/B) Forum ballot certinext

Doc ID:

156631

Owned by:

Jake S. in SSL Server Certificates

Created:

2025-11-11

Updated:

2026-04-29

Sites:

SSL Server Certificates

0 0 Comment Suggest new doc