SSL Certificate Validity Periods Are Changing to 200 Days

SSL Certificate Validity Periods Are Changing to 200 Days

Rachel Green

The SSL Certificate industry is introducing a significant change to maximum validity periods. From March 15, 2026, SSL Certificates will be issued with a maximum validity of 200 days, which is just over six months.

This article explains what this change means for website owners and how the reissuance process works to maintain continuous SSL Certificate coverage throughout your purchased license period.

Why SSL Certificate Validity Is Changing to 200 Days

The reduction in SSL Certificate validity periods is driven by the need to regularly confirm that the Certificate holder is still entitled to use the SSL Certificate. The CA/Browser Forum approved Ballot SC-081v3, initially proposed by Apple and endorsed by Sectigo, which formally mandates this reduction. A 200-day maximum validity period ensures that domain ownership and organizational details are verified more frequently, which strengthens the overall security of the public trust ecosystem.

This change takes effect on March 15, 2026 and applies across the entire industry. It is not specific to any single SSL Certificate provider. SSL Certificates issued before this date with longer validity periods will continue to function normally and will not require early renewal or replacement.

Under this model, when an SSL Certificate is issued on or after March 15, 2026, it will be valid for a maximum of 200 days. To maintain uninterrupted coverage for the full duration of your purchased license, you will need to obtain a free extension before the currently installed SSL Certificate expires.

This extension process serves as a revalidation checkpoint, confirming that you remain the rightful owner of the domain and are still entitled to the SSL Certificate.

How the Free Extension Process Works

The extension process is largely automated and typically completes instantly. Trustico® provides this reissuance facility through the tracking system, which is accessible from your customer account. When you perform a reissue, the newly issued SSL Certificate will carry the maximum validity allowed by the remaining balance of your purchased license period.

No new Certificate Signing Request (CSR) is required, although you may provide one if you wish. If you have lost your existing Private Key or need to generate a new key pair for any reason, submitting a new Certificate Signing Request (CSR) at the time of reissue is the appropriate course of action.

Note : Reissues can be performed at any time through the Trustico® tracking system, not only when an SSL Certificate is approaching expiration. If you need to reissue for any reason, such as a server migration or a change of hosting environment, the facility is always available.

What You Need to Do

The most important step is to ensure you perform the free extension before your currently installed SSL Certificate expires. Trustico® recommends setting a reminder or calendar alert approximately two weeks before the expiration date of your installed SSL Certificate. This gives you sufficient time to complete the reissue and install the newly issued SSL Certificate without any gap in coverage.

Trustico® also provides monitoring alerts that notify you when an SSL Certificate is approaching expiration. These alerts rely on Trustico® being able to detect your SSL Certificate installed on a publicly accessible server. If your SSL Certificate is not publicly visible, for example because it is behind a firewall or on an internal network, the monitoring system will not be able to detect it and therefore will not send an alert.

For this reason, you should not rely solely on monitoring alerts and should always maintain your own reminder system. Learn About Trustico® SSL Certificate Monitoring 🔗

Completing a Reissue

To reissue your SSL Certificate, log in to your Trustico® customer account and navigate to the relevant order within the tracking system. Select the reissue option and follow the prompts. In most cases, no additional domain validation is required, which means the process completes automatically and your new SSL Certificate is available for download almost immediately. Learn About How to Reissue an SSL Certificate 🔗

Tip : If you are reissuing without changing your Certificate Signing Request (CSR) or validation details, choose the same validation method you used previously. This helps ensure the fastest possible processing time.

If you do change the Certificate Signing Request (CSR) or modify existing validation details, some level of revalidation may be required before the new SSL Certificate can be issued. Choosing a different validation method may also introduce additional processing time. Keeping your details consistent across reissues is the most efficient approach. Learn About the Validation Procedure 🔗

Downloading Your Newly Issued SSL Certificate

After the reissue completes, your newly issued SSL Certificate will be available for download directly from the tracking system. Simply navigate to the download page within your order and retrieve the SSL Certificate files.

If you prefer to receive the SSL Certificate by e-mail, you can enter an e-mail address on the download page and click the send button. The SSL Certificate files will be delivered to the specified e-mail address.

Once downloaded, install the newly issued SSL Certificate on your server in the same way you installed the original.

The Broader Industry Timeline

The 200-day maximum validity period is the first step in a phased reduction approved by the CA/Browser Forum. The full timeline for SSL Certificate maximum validity reductions is as follows.

March 15, 2026 : Maximum SSL Certificate validity reduces to 200 days, accommodating a six-month renewal cadence. The Domain Control Validation (DCV) reuse period also reduces to 200 days.

March 15, 2027 : Maximum SSL Certificate validity reduces to 100 days, accommodating a three-month renewal cadence. The Domain Control Validation (DCV) reuse period reduces to 100 days.

March 15, 2029 : Maximum SSL Certificate validity reduces to 47 days, accommodating a one-month renewal cadence. The Domain Control Validation (DCV) reuse period reduces to 10 days.

Trustico® will continue to provide tools, services, and guidance to help customers adapt to each phase of this transition as it arrives.

Looking Ahead

Trustico® is developing additional tools and services to make the reissuance and extension process even more streamlined. As these become available, customers will benefit from further automation and convenience.

In the meantime, the current tracking system provides a straightforward and reliable way to manage your SSL Certificate reissues and maintain continuous protection for your website. Learn About the Trustico® Tracking System 🔗

Important : Your SSL Certificate purchase is a license that covers a defined period. The 200-day validity limit does not reduce what you have paid for. It simply means you will perform a free, typically instant reissue partway through your license period to maintain continuous coverage.

Back to Blog

Most Popular Questions

Learn about the change to SSL Certificate maximum validity periods taking effect on March 15, 2026, which limits issued SSL Certificates to 200 days. This guide explains why the change is happening, the CA/Browser Forum ballot behind it, how the free extension process works, and the broader industry timeline toward 47-day validity by 2029.

When does the 200-day SSL Certificate validity limit take effect?

The 200-day maximum validity period takes effect on March 15, 2026. From this date, all newly issued SSL Certificates will be valid for a maximum of 200 days. SSL Certificates issued before March 15, 2026 with longer validity periods will continue to function normally and will not require early renewal or replacement.

Why are SSL Certificate validity periods being reduced to 200 days?

The CA/Browser Forum approved Ballot SC-081v3, initially proposed by Apple and endorsed by Sectigo, which mandates this reduction. The change ensures that domain ownership and organizational details are verified more frequently, strengthening the overall security of the public trust ecosystem. This is an industry-wide requirement and is not specific to any single SSL Certificate provider.

Does the 200-day validity limit mean I am paying for less coverage?

No. Your SSL Certificate purchase is a license that covers a defined period. The 200-day limit applies to each individual issuance within that license period, not to the total coverage you have paid for. You maintain continuous coverage by performing a free extension before each 200-day validity window expires.

What is the free extension process and how does it work?

The free extension is a reissuance of your SSL Certificate through the Trustico® tracking system. The process is largely automated and typically completes instantly. When you perform a reissue, the newly issued SSL Certificate will carry the maximum validity allowed by the remaining balance of your purchased license period.

Do I need to generate a new Certificate Signing Request (CSR) for the extension?

No. A new Certificate Signing Request (CSR) is not required when performing a free extension. You may provide one if you wish, but it is not necessary unless you have lost your existing Private Key or need to generate a new key pair for any reason.

Is domain validation required each time I perform an extension?

In most cases, no additional domain validation is required, and the process completes automatically. However, if you change the Certificate Signing Request (CSR) or modify existing validation details, some level of revalidation may be needed. Choosing the same validation method you used previously helps ensure the fastest possible processing time.

How do I perform a reissue in the Trustico® tracking system?

Log in to your Trustico® customer account and navigate to the relevant order within the tracking system. Select the reissue option and follow the prompts. Once the reissue completes, the newly issued SSL Certificate will be available for download directly from the tracking system.

Can I perform a reissue at any time or only when my SSL Certificate is about to expire?

Reissues can be performed at any time through the Trustico® tracking system. You do not need to wait until your SSL Certificate is approaching expiration. If you need to reissue for any reason, such as a server migration or a change of hosting environment, the facility is always available.

How do I download my newly issued SSL Certificate after a reissue?

Navigate to the download page within your order in the Trustico® tracking system and retrieve the SSL Certificate files directly. If you prefer to receive the files by e-mail, enter an e-mail address on the download page and click the send button to have them delivered to the specified address.

How will I know when my SSL Certificate is approaching expiration?

Trustico® recommends setting a reminder or calendar alert approximately two weeks before the expiration date of your installed SSL Certificate. Trustico® also provides monitoring alerts, but these rely on detecting your SSL Certificate installed on a publicly accessible server. If your SSL Certificate is not publicly visible, the monitoring system will not be able to send an alert.

Why might I not receive a monitoring alert from Trustico® before my SSL Certificate expires?

Trustico® monitoring alerts work by checking for your SSL Certificate on a publicly accessible server. If your SSL Certificate is behind a firewall, on an internal network, or otherwise not publicly visible, the monitoring system cannot detect it and will not send an alert. For this reason, you should always maintain your own reminder system in addition to relying on monitoring alerts.

Do I need to reinstall my SSL Certificate after performing a reissue?

Yes. After performing a reissue, you will need to download the newly issued SSL Certificate and install it on your server in the same way you installed the original. If you require assistance, Trustico® offers a Premium Installation service where a technician will handle the installation on your behalf.

What happens after the 200-day limit — will validity periods reduce further?

Yes. The 200-day limit taking effect on March 15, 2026 is the first phase of a broader industry timeline approved by the CA/Browser Forum. Maximum SSL Certificate validity will reduce to 100 days on March 15, 2027 and then to 47 days on March 15, 2029. Trustico® will continue to provide tools, services, and guidance to help customers adapt to each phase of this transition.

Will Trustico® offer additional tools to help manage the extension process in the future?

Yes. Trustico® is developing additional tools and services to make the reissuance and extension process even more streamlined. As these become available, customers will benefit from further automation and convenience. In the meantime, the current tracking system provides a straightforward and reliable way to manage SSL Certificate reissues.

Stay Updated - Our RSS Feed

There's never a reason to miss a post! Subscribe to our Atom/RSS feed and get instant notifications when we publish new articles about SSL Certificates, security updates, and news. Use your favorite RSS reader or news aggregator.

Subscribe via RSS/Atom