
If your SSL certificate provider recently told you that certificate validity periods are changing, you are not alone. This is happening to every business that operates a website. It is not a decision your provider made on their own. It is a global industry mandate, and every certificate provider in the world is required to follow it.
Here is what you need to know.
SSL certificates are the technology behind the padlock icon in your browser. They let browsers encrypt the connection and confirm that visitors are actually connecting to you and not someone impersonating you. Until now, those certificates could remain valid for just over a year. Starting March 15, 2026, the maximum validity period drops to 200 days, roughly six and a half months.
This means certificates will need to be renewed more frequently than before. If that process is being managed for you now, nothing changes from your perspective. If you are handling certificates on your own, now is the time to address that before it becomes a problem.
This change is also not a one-time adjustment. The industry has already committed to further reductions in 2027 and 2029. The direction is clear: certificates will continue to get shorter, and automation will become the standard way to manage them.
Certificates need to be renewed more often. That is simply the new reality. The additional technical support effort to manage that is a small price to pay compared to what an expired certificate costs you. Outages, browser security warnings, and damaged customer trust are not problems you want to explain to your customers.
The right time to get ahead of this is now, not when a certificate expires and your site goes down.
Less worry. Better sleep. Team OFM handles the IT. You handle your business.
The CA/Browser Forum is the governing body that sets the rules for publicly trusted SSL/TLS certificates. Its membership includes major browser vendors such as Google, Apple, and Mozilla, along with the Certificate Authorities that issue certificates. When this body passes a rule, every CA must comply or risk having its root certificates distrusted by browsers, which would break HTTPS for any site using that CA's certificates.
In early 2025, the CA/Browser Forum passed ballot SC-081, mandating a phased reduction in maximum certificate validity. The enforcement mechanism is simple: if a CA issues a certificate that exceeds the maximum allowed lifetime, browsers will reject it. That gives the rule real teeth regardless of what any individual provider might prefer.
The primary driver is risk reduction. When a private key is compromised through a breach, a misconfiguration, or a supply chain attack, the damage it can do is bounded by how long the associated certificate remains valid. Under the previous model, that exposure window was over a year. Shorter lifetimes reduce it significantly.
There is also the question of cryptographic agility. The security industry is actively preparing for the transition to post-quantum cryptography. When that transition is mandated, the ecosystem needs to be able to rotate to new algorithms globally and quickly. Long-lived certificates are a structural obstacle to that kind of rapid change. Shorter validity periods mean that outdated cryptographic standards cycle out of production faster.
The 200-day cap taking effect in March 2026 is the first of three planned reductions under ballot SC-081. In March 2027, the maximum drops to 100 days. In March 2029, it drops again to 47 days, just over six weeks. At that point, a certificate that is not renewed on schedule will expire before most people would even think to check on it. Automated certificate lifecycle management will not be optional at that stage. It will be the only practical approach.
Many Certificate Authorities are already enforcing slightly tighter caps, 199 days rather than 200, to provide a buffer against accidental non-compliance at the boundary.
Certificates issued before March 15, 2026 keep their full original validity period. Certificates issued on or after that date are subject to the 200-day limit. If you purchased a multi-year certificate plan, you will need to reissue that certificate mid-term to use the full prepaid period. The cost of the certificate itself does not change. What does change is the labor required to manage more frequent renewals.
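The phase-in schedule and the mid-term reissue rule above, worked through in Python as an added example (not code from this article or from any CA). The 15th as the effective day in 2027 and 2029 and the 398-day prior cap come from the SC-081 ballot rather than this page; `issuance_plan` is a hypothetical helper that assumes full-cap issuance, renewal on the expiry date, and day-level dates.

```python
from datetime import date, timedelta

# (first issuance date the cap applies to, maximum validity in days), newest first.
# 15 March 2026 and the 200/100/47-day caps are from the article. The article
# gives only the month for 2027 and 2029; the 15th and the 398-day cap before
# the change are taken from the SC-081 ballot text (assumption relative to the page).
SCHEDULE = [
    (date(2029, 3, 15), 47),
    (date(2027, 3, 15), 100),
    (date(2026, 3, 15), 200),
    (date.min, 398),
]


def max_validity_days(issued: date) -> int:
    """Cap that applies to a certificate issued on the given date."""
    return next(cap for start, cap in SCHEDULE if issued >= start)


def is_compliant(not_before: date, not_after: date) -> bool:
    """The issuance date, not today's date, decides which cap applies."""
    return (not_after - not_before).days <= max_validity_days(not_before)


def issuance_plan(start: date, term_days: int) -> list[tuple[date, date, int]]:
    """Issuances needed to cover a prepaid term (hypothetical helper).

    Assumes each certificate is issued for the full cap and replaced on its
    expiry date; renewing earlier, as you should, only adds issuances.
    """
    end = start + timedelta(days=term_days)
    plan, issued = [], start
    while issued < end:
        cap = max_validity_days(issued)
        expires = min(issued + timedelta(days=cap), end)
        plan.append((issued, expires, cap))
        issued = expires
    return plan


if __name__ == "__main__":
    # Constructed case: a two-year plan bought on 1 April 2026.
    for issued, expires, cap in issuance_plan(date(2026, 4, 1), 730):
        print(f"issue {issued}  expires {expires}  cap {cap} days")
    # A 397-day certificate is compliant only if issued before the cutoff.
    print(is_compliant(date(2026, 3, 14), date(2027, 4, 15)))
    print(is_compliant(date(2026, 3, 15), date(2027, 4, 16)))
```

The two-year plan in the constructed case needs six issuances, and the per-certificate cap falls from 200 to 100 days partway through the term.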