CentralNic Reseller Homepage
CentralNic Reseller Homepage
Overview: List all Top Level Domains

SSL/TLS Certificate Lifetime Reduction – 47-Day Certificates by 2029


The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates and the reusability of CA-validated information in certificates.

These changes introduce a gradual reduction in SSL/TLS certificate lifetimes, ultimately leading to 47-day certificates by 15 March 2029. The first customer-facing impacts will begin in February–March 2026 and apply to all major Certificate Authorities, including DigiCert and Sectigo.

CentralNic Reseller is adapting its pricing model, APIs, and frontend workflows to fully support these industry-wide changes.



Industry-Wide Certificate Lifetime Schedule


The following timeline applies to all public TLS certificates:

Effective Date Maximum Certificate Lifetime Domain/IP Validation Reuse
From 24 February 2026 (DigiCert) 199 days 199 days
From 15 March 2026 (Sectigo) 200 days 200 days
From 15 March 2027 100 days 100 days
From 15 March 2029 47 days 10 days

Important Notes:
  • Certificates issued before 24 February 2026 (DigiCert) or 15 March 2026 (Sectigo) will remain valid until expiration.
  • From these dates onward, Certificate Authorities cannot issue or reissue certificates longer than 199 or 200 days, regardless of order length.
  • DigiCert applies a 1-day reduction to both certificate lifetime and validation reuse compared to the industry maximum.


Order Lifetime vs. Certificate Lifetime

As lifetimes shorten, order lifetime and certificate lifetime will differ.

Example (From 24 February or 15 March 2026):

30-day order = 30-day certificate
365-day order:
  • Initial certificate valid for 200 days (Sectigo) or 199 days (DigiCert).
  • Remaining 164/165 days can be used to reissue a new certificate before the order expires.
This same reissuance model will apply again when limits are reduced in 2027 and 2029.



Pricing Model Change

There is no change to the overall pricing of SSL certificates.
To standardize pricing across all CAs, CentralNic Reseller will be adopting a daily-based pricing model.

Pricing Display Timeline
  • Until 15 March 2026: Both annual (year-based) and daily-based pricing will be displayed.
      • This transition period allows customers to familiarise themselves with the new pricing model.
  • From 15 March 2026 onward: Daily-based pricing only will be displayed across all SSL certificate products.

Benefits of Daily-Based Pricing
  • Consistent and transparent pricing across all CAs.
  • Easier comparison between different coverage options.
  • Better alignment with shortened certificate lifetimes and reissuance cycles.

Please note that the total cost will remain equivalent.


Coverage Options per Certificate Authority


DigiCert
  • 53 coverage options in total:
  • 52 options in 7-day increments (7, 14, 21 … up to 364 days)
  • 1 additional option for 365 days

Sectigo
  • Coverage options:
  • 30 days;
  • 90 days;
  • 365 days.

Certificates exceeding the allowed lifetime will be reissued using the remaining order balance.


API Changes (SSL API 2.0)

Several APIs will be updated to support the new certificate lifecycles:
  • AddCertificate for enhanced checkonly validation and expanded coverage options.
  • RenewCertificate for Additional coverage periods.
  • GetCertificateInfo for Updated validity period details for each product class.


Frontend Changes

  • Coverage-length dropdown menu will be added during checkout.
  • Clear warnings will be shown when reissuing certificates with remaining order lifetime.


Deployment Timeline

  • OTE (Test Environment): Available now.
  • Production: 10 February 2026.


FAQ


Question Answer
Are SSL certificates becoming more expensive? Shorter certificate lifetimes improve security by:
  • Limiting exposure if a certificate is compromised.
  • Improving compliance readiness.
  • Reducing reliance on long-lived domain and IP validation data
  • Improving overall security hygiene through more frequent certificate rotation.
    • Browsers only verify that a certificate is valid at the time of use. They do not evaluate the total order lifetime.
    Why does my certificate expire before my order ends? Industry rules limit certificate lifetimes. Longer orders are fulfilled through multiple certificate reissues.
    Will I need to revalidate my domain more often? Yes. Domain and IP validation reuse periods will shorten over time, reaching 10 days by March 2029.
    Are existing certificates affected? No. Certificates issued before 24 February or 15 March 2026 remain valid until they expire.
    Will I need to change how I order SSL certificates? No immediate change is required. Ordering remains the same, but you may notice new coverage length options depending on the Certificate Authority.
    Will certificate reissuance be automatic? Automatic certificate reissuance is not currently available, but we’re planning to introduce this functionality in the future to help customers manage shorter certificate lifetimes more easily.  Until then, certificates can be manually reissued from the existing order while there is remaining order lifetime.

    We domains
    -