The new ballot targets certificate validity of 47 days, making automation essential. Prior to this proposal by Apple, Google promoted a 90-day maximum lifetime, but they voted in favor of Apple’s proposal almost immediately after the voting period began.
Here’s the schedule:
The maximum certificate lifetime is going down:
From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.
As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.
It's important to remember, the automatic HTTP-01 Acme Challenge only works if all hostnames in the certificate are pointing (CNAME) to your CDN.
See also:
https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article