The SSL expiration date halved: Are you ready for the new 200-day rule?
PLEASE NOTE: this applies only to a paid certificate! Let's Encrypt certificates are automatically renewed.
Anyone who manages a website knows: once a year it is time for the SSL routine. Renewing, validating, and installing the certificate. But that annual routine is about to change drastically. The validity period of SSL certificates is being significantly shortened.
Since March 2026, the maximum lifespan of a public SSL certificate has officially been reduced from 398 days to approximately 200 days (technically often 199 days). And that is just the beginning.
Why is the validity period being shortened?
The CA/Browser Forum (the body that sets the rules for internet security) decided to do this under pressure from major players like Google and Apple. The reasons are simple but crucial:
Higher security: The shorter a certificate is valid, the smaller the chance that a compromised key can be misused for an extended period.
Faster adoption of standards: When new security techniques appear, they are implemented everywhere more quickly because certificates are refreshed more frequently.
Current data: The validation of company details is being checked more frequently, increasing the reliability of the "lock" icon in the browser.
The timeline: From annual to weekly?
The reduction to 200 days is just the first step in a multi-year plan. The course is clear: we are moving towards a model where certificates are valid for an extremely short period.
March 2026: Valid for a maximum of 200 days.
March 2027: Valid for a maximum of 100 days.
March 2029: Valid for a maximum of 47 days.
What does this mean for you?
If you were used to managing your SSL matters manually, this will be a significant challenge. Whereas you used to have to take action once a year, you will soon have to do so every few months (and eventually every 6 weeks).
1. Your annual subscription remains, the certificate does not
With most providers, you can still take out a "1-year subscription". The difference? You pay for one year, but you have to reissue and install the technical certificate multiple times in the interim to cover the full period.
2. Automation is no longer optional
Manually replacing certificates is error-prone and time-consuming. The risk of missing an expiration date — resulting in an inaccessible website and an "unsafe" warning — simply becomes too great.
The solution: ACME
The ACME protocol (Automated Certificate Management Environment) is the new standard. With this, your server automatically communicates with the certificate issuer to renew and install the SSL certificate without you having to worry about it.
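How often a one-year subscription needs a fresh certificate under each cap in the timeline, and so how often a renewal job has to succeed, can be worked out directly. The planner below is an added example, not code from this article or from any provider; the effective day (the 1st of March), the 14-day renewal margin and the function names are assumptions.

```python
from datetime import date, timedelta

# Maximum validity by issuance date, from the article's timeline. The article
# gives only the month, so the 1st is an assumed effective day; anything issued
# earlier falls under the previous 398-day cap.
CAPS = [
    (date(2029, 3, 1), 47),
    (date(2027, 3, 1), 100),
    (date(2026, 3, 1), 200),
    (date.min, 398),
]


def max_validity_days(issued: date) -> int:
    """Return the cap in force on the day a certificate is issued."""
    return next(days for effective, days in CAPS if issued >= effective)


def plan_reissues(start: date, subscription_days: int = 365,
                  margin_days: int = 14) -> list[tuple[date, date]]:
    """List (issue_date, not_after) pairs covering the whole subscription.

    Each certificate gets the longest validity allowed on its issue date and
    is replaced margin_days before it expires (hypothetical safety margin).
    """
    end = start + timedelta(days=subscription_days)
    plan, issue = [], start
    while True:
        cap = max_validity_days(issue)
        if margin_days >= cap:
            raise ValueError("renewal margin must be shorter than the cap")
        not_after = issue + timedelta(days=cap)
        plan.append((issue, not_after))
        if not_after >= end:
            return plan
        issue = not_after - timedelta(days=margin_days)


if __name__ == "__main__":
    for start in (date(2026, 4, 1), date(2027, 4, 1), date(2029, 4, 1)):
        plan = plan_reissues(start)
        print(f"subscription from {start}: {len(plan)} certificates")
        for issue, not_after in plan:
            print(f"  issue {issue}  expires {not_after}")
```

With these assumptions, a subscription started in April needs 2 certificates under the 200-day cap, 5 under the 100-day cap and 11 under the 47-day cap.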
Conclusion
Halving the SSL duration is a good thing for internet security, but a logistical challenge for website owners.