Dear Valued Customers,

We are writing to inform you of an upcoming, industry-mandated change that affects public TLS/SSL certificate lifetimes, with enforcement beginning on March 12, 2026.

 

This change applies to all Certification Authorities (CA) and impacts how certificates are issued and managed going forward. It is important to note that there are additional impacts on our enterprise customers utilizing Domain Control Validation (DCV) pre-validation.

 

What is changing?

After March 12, 2026, Certificate Authority (CA) will enforce industry requirements to shorten the lifespan of TLS certificates to 6 months.  

 

In addition, the DCV reuse period is being reduced to approximately six months, increasing how often domain control must be revalidated.

 

This change applies industry-wide, but it is especially impactful for customers using domain pre-validation, such as those managing certificates at scale through SCM. For these customers, previously valid domain pre-validations may be shortened, making proactive renewal critical to avoid certificate issuance interruptions.

The following are the details of how we are implementing the industry requirements:

  • Maximum public TLS/SSL certificate validity will go down to 199 days after March 12, 2026. This is 6 months plus extra time for you to renew your certificate.

  • Domain Control Validation (DCV) reuse will be limited to 198 days.  For our enterprise customers, this is six months with extra time for you to update your domain pre-validation prior to certificate renewal.

These changes apply to all new certificates, including reissued certificates after March 12th, as well as all new and existing domain validation records irrespective of the time requested or created. Please be advised that certificates will not be issued after March 12th relying on the domain validation record older than 198 days.

Why this matters:

Shorter certificate lifetimes stand to strengthen security across the web by reducing the impact of compromised certificates.

 

As a result:

  • Certificates will need more frequent renewal

  • Domain Control Validation must be satisfied on a continuous basis to comply with the new DCV reuse limitation

  • Domain validations that appear usable today may require revalidation earlier than expected

Without preparation, this could lead to certificate issuance or reissuance delays.

What you should know now:

  • Existing certificates will remain valid until their expiration

  • Reissuance will be subject to the new DCV reuse period limitation

  • Certificates (re)issued after March 12, 2026, will be subject to the new maximum term requirement

  • A single certificate will no longer span the full one-year product term. One-year TLS products will follow the same model used today for multi-year TLS products: certificates are issued for the maximum allowed validity or the remaining time in the purchased term (whichever is shorter), and reissuance is required to obtain the next certificate


    Please refer to the link below for the official article from our SSL/TLS partner Sectigo :

    Preparing For The Future: Apple’s 47-Day Certificate Lifespan Proposal
    https://www.sectigo.com/blog/47-day-certificate-lifespan-proposal


Friday, February 6, 2026

« Back