It’s Official – TLS Certificate Lifespans Shortening to 47 Days
Article updated on 28 Apr 2025 to reflect the latest CA/Browser Forum announcement.
On 11 Apr 2025, the CA/Browser Forum has voted for and approved Ballot SC-081v3, a proposal led by Apple to shorten the lifespan of SSL/TLS certificates. This move aims to enhance web security and reduce the risk of vulnerabilities.
What exactly is the big change?
What exactly is the big change?
- The current maximum public TLS certificate you can request is 13 months (398 days).
- Certificate lifespans will be progressively reduced over the next few years, culminating in a maximum lifespan of 47 days by 2029.
Official Schedule
| Maximum Certificate Lifespan | Date |
| 200 Days | 15 Mar 2026 |
| 100 Days | 15 Mar 2027 |
| 47 Days | 15 Mar 2029 |
How does this affect me?
How does this affect me?
This accelerated timeline for certificate lifespan reduction will have a direct impact on organisations:
- Increased Management Overhead: IT teams will need to manage the renewal of certificates at a higher frequency rate thus increasing the volume of certificate renewals.
- Potential for Disruptions: Manual processes may not be sufficient to keep up with the rapid pace of certificate expiration.
- Increased Chance of Mistake: With the increased manual generation of certificate requests, administrators are potentially exposed to increased chances of making mistakes.
Why the change?
Why the change?
The shortening of certificate lifespans is driven by the need to mitigate security risks associated with compromised certificates. Shorter lifespans make it more difficult for attackers to exploit vulnerabilities and compromise websites.
Stricter DCV Reuse
Stricter DCV Reuse
In addition to the shorter lifespans, there will also be a stricter DCV reuse period.
Understanding DCV
Document Challenge Validation (DCV) is a security measure used by CAs to verify domain ownership. It involves adding a specific HTML file to the website’s root directory. This file proves that the applicant has control over the domain.
DCV reuse period will also be shortened, reaching a minimum of 10 days in 2029.
| DCV Reuse Period | Date |
| 200 Days | 15 Mar 2026 |
| 100 Days | 15 Mar 2027 |
| 10 Days | 15 Mar 2029 |
The impact of shorter DCV reuse periods
With shorter DCV reuse periods, certificates issued using the same DCV challenge will have shorter lifespans. This means that CAs will need to perform more frequent validation checks to ensure that certificates remain valid and secure.
The Solution: Automated Certificate Lifecycle Management
The Solution: Automated Certificate Lifecycle Management
To address these challenges, organisations should adopt automated certificate lifecycle management (CLM) solutions. CLM tools can:
- Automate Renewals: Automatically renew certificates before they expire.
- Monitor Expirations: Proactively track certificate expiration dates.
- Centralise Management: Consolidate certificate management into a single platform.
Netrust: Your Partner in Certificate Management
Netrust: Your Partner in Certificate Management
Netrust offers a suite of comprehensive solutions to address the evolving landscape of certificate management.
Don’t let shorter certificate lifespans disrupt your operations. Contact Netrust today to learn how our CLM solutions can help you maintain security and compliance.
