TLS Certificate Validity to Be Shortened to 47 Days by 2029 – What It Means for You
The CA/Browser Forum has officially announced a major shift in SSL/TLS certificate policy that will impact organizations and website operators globally. By March 15, 2029, the maximum validity period for public TLS certificates will be reduced to 47 days.
This change is part of a broader effort to enhance online security by shortening the window of exposure for potentially compromised certificates. At Reg.Asia, we recognize the operational impact this may have on businesses and are here to help you prepare with clarity and strategy.
Overview of the Change
TLS certificate validity periods will be shortened gradually over several years, allowing time for infrastructure, policy, and process adjustments.
|
Effective Date
|
New Maximum Certificate Validity
|
|---|---|
Additionally, starting March 2029, the reuse period for Domain Control Validation (DCV) will be reduced to 10 days, down from the current 30 days.
Validation Reuse Periods Are Also Being Shortened
The reuse periods for domain, IP address, and Subject Identity Information (SII) validation will also be shortened.
|
Effective Date
|
Maximum Reuse Period
|
Applies To
|
|---|---|---|
|
Until March 15, 2026
|
398 days
|
Domain and IP Address Validation
|
|
As of March 15, 2026
|
200 days
|
Domain and IP address validation
|
|
As of March 15, 2027
|
100 days
|
Domain and IP address validation
|
|
As of March 15, 2029
|
10 days
|
Domain and IP address validation
|
*SII applies to Organization Validation (OV) and Extended Validation (EV) certificates only. Domain Validation (DV) is unaffected by this change.
Why 47 Days?
While it may appear arbitrary, the 47-day limit is part of a strategic reduction model aimed at aligning certificate renewals with calendar-based cycles while maintaining a minimal risk window.
Here’s how the reduction timeline breaks down:
|
Target Validity
|
Break Down
|
|---|---|
|
200 Days
|
6 maximal month (184 days) + 1/2 30-day month (15 days) + 1 day wiggle room
|
|
100 Days
|
3 maximal month (92 days) + ~1/4 30-day month (7 days) + 1 day wiggle room
|
|
47 Days
|
1 maximal month (31 days) + 1/2 30-day month (15 days) + 1 day wiggle room
|
Why This Change Matters
- Shortening TLS certificate lifespans is expected to:
- Reduce security risks from long-term certificate misuse
- Promote automation as a standard for certificate lifecycle management
- Enhance operational hygiene by eliminating overlooked or outdated certificates
While beneficial from a security standpoint, this change introduces new operational complexities for IT teams, DevOps, and security administrators.
Will Frequent Replacements Cost More?
As certificate lifespans shrink, manual certificate renewal will become unsustainable. A missed renewal could lead to downtime, browser warnings, or worse—compromised trust.
Leading tech companies, including Apple, have already made clear their expectation that TLS certificates be managed through automated lifecycle solutions. At Reg.Asia, we fully support this move and encourage early adoption of automation.
How to Prepare with DigiCert Solutions
As a trusted platinum partner of DigiCert, Reg.Asia provides access to world-class automation tools built for high-assurance, enterprise-scale environments:
DigiCert Trust Lifecycle Manager (TLM)
An advanced certificate management solution that enables:
- Automated certificate issuance and renewal
- Centralized visibility and control
- Policy-based enforcement and reporting
CertCentral with ACME Protocol Support
Ideal for DevOps and cloud-native environments, CertCentral offers:
- Automation for DV, OV, and EV certificate issuance
- Support for ACME Renewal Information (ARI)
- Seamless integration with your CI/CD or ITSM pipelines
Looking Ahead
The reduction in certificate lifespans is a turning point for internet security. It encourages best practices—but also demands action.
At Reg.Asia, we’re here to support organizations transitioning to a more secure, automated certificate ecosystem. Whether you manage a single brand or a large domain portfolio, our team can guide you through the steps to modernize your certificate infrastructure.
Need help preparing? Contact Us for a consultation with our team.