2026 SSL/TLS Certificate Validity Lifecycle Changes

The CA/Browser Forum has announced new industry requirements for SSL/TLS certificates. Starting February 24, 2026, all SSL/TLS certificates have a maximum validity of 199 days, reduced from the current 397 days. In addition, the length of time that previous domain and organization validations can be reused is shortened.

What this means for your SSL/TLS certificates

To make this transition as seamless as possible:

• You continue to purchase one-year SSL/TLS certificates, just as you do today.
• Each certificate is issued with a 199-day validity period.
• When the certificate expires after 199 days, it is automatically reissued. The reissued certificate is emailed to the end user by the SSL provider and has a validity period equal to the remaining time on the one-year purchase (166 or 167 days).
• After reissuance, the certificate must be reinstalled on your server.

This process ensures you still receive the full one-year value of your certificate purchase while complying with new industry standards.

How this affects your certificate lifecycle

• SSL/TLS certificate requests that are pending on or after February 24, 2026 follow the new 199-day issuance and automatic reissuance process.
• To receive a certificate with the longest possible validity before the change, place orders well before February 24 and ensure that all domain and organization validation requirements are up to date.
• SSL/TLS certificates issued before February 24, 2026 are not affected and remain valid until their original expiration date.

Reduced validation reuse periods

Validation reuse periods determine how long previously completed validations can be reused when reissuing a certificate. As of February 24, 2026:

Keeping your validation information current helps prevent delays during certificate issuance and reissuance.

Questions? Contact Enom Support.