Once the easiest non-technical means for domain control validation (DCV), using emails listed on the WHOIS as the registrant, technical, or admin contact, will no longer be available from July 15, 2025. This means that if your certificate is expiring after this date, whether it is domain validated (DV), organization validated, or an extended validated (EV) certificate, this mode of validation will be completely unusable for any new certificate issuance.
If your organization is still using WHOIS-based email for SSL certificate DCV, here are three urgent actions you need to take:
1. Audit your certificate inventory for WHOIS email dependencies
The first step is to know what you are dealing with:
- Inventory review: Use your certificate management platform (or request reports from your providers) to identify which certificates still rely on WHOIS-based email addresses.
- Expiration timeline: Prioritize certificates based on their expiration dates to avoid disruption at renewal time.
2. Transition to alternative DCV methods
WHOIS-based emails for DCV are no longer an option. You need to proactively adopt supported alternatives:
- DNS record validation: This is the most registrar-agnostic and scalable method, where a record is added to your DNS zone files.
- Web token validation: This requires uploading a file to your http folder. It is suitable if you have web server control but requires good coordination between certificate management and web operations teams.
Make sure you coordinate with your DNS or Web and IT teams to ensure readiness for these methods.
CSC is offering DCV as a Service (DCVaaS) that takes the effort out of the validation step and significantly reduces the time and workload needed from your teams for certificate issuance. Contact us to learn how you can take advantage of this free service offered to our clients.
3. Future-proof SSL certificate management with automation
Multiple teams often handle DCV today: IT, DevOps, WebOps, Security, and even external vendors. This could lead to:
- Missed renewals
- Failed validations
- Emergency escalations
To add to the complexity, the certificate industry is further reducing the certificate lifetimes starting on March 15, 2026, when the maximum lifetime of the certificate will be 200 days from the current 397 days. This will be reduced to an eventual 47 days by March 15, 2029. And DCV re-use period—the duration that a previous validation can be re-used when there is a need for a certificate re-issue—will be reduced from the current 397 days to just 10 days by March 15, 2029.
| Timeframe | Life cycle for certificates | DCV re-use period |
| March 15, 2026 | 200-day certificates | DCV re-use 200 days |
| March 15, 2027 | 100-day certificates | DCV re-use 100 days |
| March 15, 2029 | 47-day certificates | DCV re-use 10 days |
In summary, certificate renewal frequencies will increase from the current once-a-year to eight times by 2029. Any manual methods of digital certificate management will be unsustainable, and automation will no longer be a luxury but a necessity.
At CSC, we offer various tailored solutions to help organizations with their SSL automation workflows. Speak with us to find a solution that works for you.
The clock is ticking.
Once a convenience, WHOIS-based email for DCV has become a liability that could result in unexpected outages. By auditing your inventory, transitioning to alternative DCV methods, and automating, you can de-risk your certificate management and ensure future-proof SSL/TLS operations.
If you’re keen to explore DCVaaS, considering automation, or need help assessing your current posture, get in touch with us today.
