After months of anticipation, on April 11, 2025, the CA/Browser Forum finally passed by ballot the proposal to reduce digital certificate lifetimes to 47 days. The original suggested deadline for the decrease to 47 days was September 2027, but this has been updated to March 2029, with the official timeline as follows:
| Timeframe | Life cycle for certificates | Domain control validation (DCV) re-use period |
| March 15, 2026 | 200-day certificates | DCV re-use 200 days |
| March 15, 2027 | 100-day certificates | DCV re-use 100 days |
| March 15, 2029 | 47-day certificates | DCV re-use 10 days |
While preparing for this change will undoubtedly require serious thought, planning, and logistics, the reduction of the lifetime of digital certificates is a good thing from a security perspective.
Shorter certificate lifetimes = less time for bad stuff to happen if a certificate is compromised. They also make it easier to trace the root cause of security incidents, so remedial action can be taken sooner.
…provided you automate!
The reduction of certificate lifespans to 47 days will render manual certificate renewals unmanageable for any company with more than a handful of domains in its portfolio. Renewals will need to happen a minimum of eight times a year per certificate, making automated certificate renewals practically mandatory for those with substantial domain portfolios.
The first step towards automation is checking if your current web servers are Automated Certificate Management Environment (ACME) compatible. Our secure sockets layer (SSL) automation checklist can help you assess whether your current set up is automation ready.
We’re ready to talk
CSC has multiple automation options to help you address the issue of shortened certificate life cycles. If you’d like to discuss your current situation with one of our experts, complete our contact form.
