- Changes are already in effect: the validity periods of certificates have become shorter
- Why the terms are being shortened and what will happen next with SSL certificates
- Should clients be worried and what does it mean for them
- What will happen to free SSL certificates?
The internet is gradually transitioning to new security rules, and these changes have already begun. Previously, SSL certificates could be valid for over a year, but now this period is officially being shortened — and this is just the first stage of a more global process.
It is important to understand: this is not a decision made by individual hosting providers. It has been adopted by key players in the internet — Google, Apple, Microsoft, Mozilla together with certification authorities. This means it is a global standard that is gradually becoming the new norm for everyone.
These changes are being enshrined at the level of international security standards (CA/Browser Forum), which is why all certification authorities are implementing them.
You can find out how the decision-making process took place in this bulletin, published by the CA/Browser Forum.
Changes are already in effect: the validity periods of certificates have become shorter
At the beginning of 2026, the first stage of changes was implemented. The maximum validity period of new SSL certificates has been reduced to 199 days instead of the usual 398.
The rules came into effect on February 24, 2026, for certificates from the DigiCert certification authority, and on March 14, 2026, for Sectigo. These are commercial Certificate Authorities that are the main providers of paid certificates.
This means that all new certificates created after the aforementioned dates are already operating under the new rules. At the same time, old certificates issued earlier remain valid until the end of their term.
In simple terms, if you purchased a certificate before February 24, it does not need to be reissued. If after that date — the SSL certificate will work for the entire duration of the order, as usual, but it will need to be reissued 199 days after installation. This procedure is completely free of charge.
In fact, there is currently a transitional period: some certificates are still operating under the old rules, while new ones are already being issued under the updated ones.
Also read: What is an SSL certificate, why is it needed, and how to choose one
Why the terms are being shortened and what will happen next with SSL certificates
An SSL certificate is a confirmation that a website was verified at a specific point in time. However, over time, the situation can change: domains are sold, access is transferred, infrastructure is updated.
The longer a certificate is valid, the greater the likelihood that some of the information in it is no longer relevant. That is why the industry is moving towards a model where verification occurs more frequently, and trust in the data is constantly updated.
And this is just the beginning. In the future, validity periods will be further shortened:
- to approximately 100 days — expected by 2027
- to about 47 days — projected by 2029
Should clients be worried and what does it mean for them
In fact, there is no reason to worry. If you have already purchased an SSL certificate for a certain period, it remains valid and works as before.
The only nuance is that it will need to be reissued more frequently. But this does not mean additional costs or problems: the certificate still remains valid for the entire paid period, it simply gets updated within this period.
Such actions will need to be performed manually, but there is an option to automate regular reissuance on the user's or domain registrar's side.
Cityhost has already automated this procedure for its clients!
If the domain is operating on our DNS servers, we will take care of reissuing the certificate ourselves: we will initiate the process (starting from the 30th day) and automatically add all necessary records for verification.
In cases where the domain is operating on third-party DNS servers, you will need to reissue it yourself.
The control panel provides the option to manually reissue the certificate. A corresponding button has been added for this purpose. Manual reissuance requires re-verification of the domain using one of the available methods: DNS, FILE, or EMAIL.
We will definitely remind you of the need for reissuance so that you do not miss this moment and the site continues to operate smoothly.
IMPORTANT! After reissuance, the certificate needs to be replaced everywhere it is used — this action remains the client's responsibility and cannot be automated by the registrar.
The shortening of SSL certificate validity periods is a global change in the rules of the game on the internet. It has already begun and will continue to evolve. But for website owners, this is not a problem, but rather a new standard of operation that the infrastructure is already gradually adapting to.
Also read: What is the TLS protocol, how does it work, and what does it protect against
What will happen to free SSL certificates?
In the case of free certificates, global changes have actually long since become the norm. For example, certificates from Let's Encrypt or ZeroSSL have always been issued for a short term — usually around 90 days.
This means that the new 199-day restrictions do not change anything for them. They have always operated under a model of frequent updates, which is now gradually becoming the standard for the entire industry.
The main feature of free certificates is not their duration but the approach to their use. They almost always involve automatic renewal through special protocols (for example, ACME). As a result, the certificate is regularly reissued without user involvement, and the site continues to operate continuously.
That is why free certificates are well-suited for most websites: blogs, landing pages, small projects, and even many online stores. They provide the same level of encryption as paid solutions and fully comply with modern security requirements.
At the same time, it is worth noting that such certificates do not provide extended company verification (OV or EV) and do not have additional guarantees or insurance coverage. Therefore, for large business projects or services where reputation is important, paid certificates from commercial certification authorities are more often chosen.
In conclusion, free SSL certificates not only have not suffered from the new rules but have actually become a benchmark for the development of the entire industry. What was previously their feature — a short validity period and automatic renewal — is now gradually becoming an accepted standard for all.
.webp)
