In 2020, the publishers of major browsers (Apple, Google, Microsoft, Mozilla) announced that they no longer support SSL certificates with an expiration date greater than 398 days (i.e. 1 year plus a grace period). Certification Authorities will no longer be able to offer SSL certificates with a validity of 2 years, since they would be rejected by the browsers used.
As of February 24, 2026, Certificate Authorities such as DigiCert no longer issue public TLS certificates with a validity period greater than 199 days. This change applies to all public TLS certificates, including Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV) certificates. The goal of this transition is to reduce the risks associated with compromised certificates, outdated validation data, or configuration errors by shortening the exposure period.
The CA/Browser Forum has also approved additional reductions to certificate validity periods:
- 2027: Maximum validity reduced to 100 days
- 2029: Maximum validity reduced to 47 days
These upcoming changes aim to further improve TLS ecosystem security and encourage the adoption of automated certificate lifecycle management (ACME).
In order to offer you the lowest annual cost, we now offer 2-5 year SSL certificate packages.
To comply with the latest security requirements, you will need to reissue the certificate periodically within the subscription period. We will send you email notifications starting 30 days before the time to update your certificate. To help you with this process, consult our guide How to manage and reissue my SSL certificate?