June 2026
If you purchased an SSL certificate for a full year, you might be surprised to find it expiring in roughly six months. This isn’t a mistake, it’s the result of a major industry-wide change that took effect on March 15, 2026, and it will continue to evolve over the next few years.
Here’s what changed, why it happened, and what it means for your website.
What Changed
The CA/Browser Forum, the industry body that governs how SSL/TLS certificates work across browsers and certificate authorities officially voted in April 2025 to reduce the maximum validity period of SSL certificates. The change was originally proposed by Apple and received broad support from major browsers including Google Chrome.
The reduction is happening in phases:
| Effective Date | Maximum Certificate Validity |
|---|---|
| Before March 15, 2026 | 398 days (~13 months) |
| March 15, 2026 (now in effect) | 199 days (~6.5 months) |
| March 15, 2027 | 100 days (~3 months) |
| March 15, 2029 | 47 days (~1.5 months) |
Why Is This Happening?
The reasoning behind shorter certificate lifetimes comes down to two core security principles.
Certificate information becomes stale. When an SSL certificate is issued, it contains validated information about your domain and, for OV/EV certificates, your organization. Over time, circumstances change ownership transfers, businesses close, domains change hands. A shorter validity period means that information is revalidated more frequently, keeping it accurate and trustworthy.
Revocation doesn’t work reliably. When a certificate is compromised, the technically correct response is to revoke it. In practice, browsers often don’t check revocation lists consistently. Shorter lifetimes reduce the window of exposure if a certificate is compromised, because it simply expires sooner on its own.
The direction is clear: the industry is moving toward automation as the standard approach to managing certificates. By 2029, 47-day certificates will make manual renewal essentially unworkable.
What This Means for You
Your SSL subscription hasn’t changed. You still purchase SSL coverage annually or for multiple years, and your pricing stays the same. What changes is how often the certificate itself needs to be reissued within that subscription period.
Under the current 199-day limit, a 1-year subscription requires at least one reissuance mid-term. As limits shrink further in 2027 and 2029, reissuances will become more frequent.
Your site will show a security warning if the certificate expires. Browsers display “Not Secure” warnings and in some cases block access entirely when an SSL certificate has expired. Staying on top of reissuances is critical to avoid this.
What You Should Do
If your server is hosted with Nubius Solutions, we will install the reissued certificate on your server for you. Simply open a support ticket at portal.nubius.io when you receive the reissuance notification and our team will take care of it.
If your server is hosted elsewhere, you will receive an email notification when your reissued certificate is ready. Log in to the Nubius Solutions portal to retrieve it and install it on your server. For step-by-step instructions, see our guide: SSL Certificate Validity Reduction – What to Expect and How to Manage It.
If you have a multi-year SSL plan, reissuances are included. You won’t pay extra you just need to ensure the new certificate gets installed each time.
Looking Ahead
The 199-day limit is just the first step. By March 2027, that window drops to 100 days, and by March 2029 it reaches 47 days. At that point, automation won’t just be convenient it will be the only practical way to manage SSL certificates.
We’re working to make this as seamless as possible for our customers. If you have questions about your SSL certificate or need help with reissuance, contact our support team we’re happy to help.
Nubius Solutions offers SSL certificates from trusted brands including RapidSSL, GeoTrust, and DigiCert. View our full SSL catalog at portal.nubius.io/store/ssl-certificates.