-
Platform
Back
DigiCert ONE Integrations
-
Solutions
Back
- Buy
- Company
-
Resources
Back
-
Support
Back
Resources
Contact Support- Americas
- 1.866.893.6565 (Toll-Free U.S. and Canada)
- 1.801.770.1701 (Sales)
- 1.801.701.9601 (Spanish)
- 1.800.579.2848 (Enterprise only)
- 1.801.769.0749 (Enterprise only)
- Europe, Middle East Africa
- +44.203.788.7741
- Asia Pacific, Japan
- 61.3.9674.5500
- Americas
-
Language
- Contact us
Shortened TLS/SSL Certificate Validity:
Frequently Asked Questions
In May 2025, the CA/B Forum approved a browser-sponsored ballot to reduce the maximum validity period of public TLS/SSL certificates to 47 days by 2029. The change applies to all CAs, including DigiCert, and is intended to enhance TLS/SSL security by reducing the window for compromised keys and improving cryptographic -agility.
The first stage of this reduction in validity begins March 15, 2026, at which time the maximum permitted public TLS/SSL certificate validity becomes 200 days (currently 398 days).
On February 17, 2026, in compliance with the first stage of the reduction schedule, all public TLS/SSL certificates issued through DigiCert will be limited to a maximum validity period of 199 days. All TLS/SSL order requests with the current 397-day validity period must be made by February 3, 2026, at 00:00 UTC.
The CA/B Forum ballot also includes new guidelines for domain and organization validation reuse.
See the maximum validity reduction schedules for certificates, domains, and organizations as detailed in the new CA/B Forum TLS Baseline Requirements
Public TLS/SSL validity reduction schedule
Domain validation reuse period reduction schedule
OV organization validation reuse period reduction schedule
Frequently Asked Questions
DigiCert will meet the first stage of the 47-day certificate target (200-day validity) on February 17, 2026. Starting February 17, all public TLS/SSL certificates issued through DigiCert will be limited to a maximum validity period of 199 days*. This applies to reissued certificates as well, even if the original certificate’s validity period exceeds 199 days.
DigiCert’s public TLS/SSL certificate 199-day validity schedule:
February 3, 2026, at 00:00 UTC – DigiCert customers can no longer make public TLS/SSL certificate order requests with the current maximum 397-day validity.
Note: Pending public TLS/SSL order requests with validity greater than 199 days, and placed prior to February 3, will continue to be issued until February 17, 2026.
February 17, 2026, at 18:00 UTC – all public TLS/SSL certificates, EU Qualified Website Authentication Certificates (QWAC), and QWAC PSD2 certificates issued through DigiCert will be limited to a maximum validity period of 199 days.
Note 1: Starting February 17, pending order requests with a validity greater than 199 days will also be issued with a truncated certificate validity period of 199 days.
Note 2: This change applies to reissued certificates as well, even if the original certificate’s validity period exceeds 199 days.
Related OV organization validation change
February 3, 2026, at 00:00 UTC – The OV organization validity reuse period will be shortened from 825 days to 397 days. OV organizations must now be revalidated every 397 days.
Note: The validity reuse period for existing OV organizations will also be shortened to 397 days on February 3. See below for more information
Related domain validation change:
February 17, 2026, at 18:00 UTC – The domain validition reuse period will be shortened from 397 days to 199 days.
Note: The validity reuse period for existing domains will also be shortened to 199 days on February 17. See below for more information.
*DigiCert’s maximum certificate validity and domain/organization validation reuse periods are set to one day less than the CA/Browser Forum’s allowable maximums to ensure that we never exceed the permitted windows.
Certificate validity changes
Public EV products
Public OV products
Public DV products
EU Qualified Website Authentication Certificates (QWAC)
EU Qualified Website Authentication Certificates PSD2 (QWAC PSD2)
OV organization validation reuse changes
Public OV products
X9 certificates that leverage OV organization validation
Domain validation reuse changes
Public EV products
Public OV products
Public DV products (CIS customers only)
EU Qualified Website Authentication Certificates (QWAC)
EU Qualified Website Authentication Certificates PSD2 (QWAC PSD2)
PKIo Private Services Server
X9 for TLS
API order requests with a validity period greater than 199 days will be automatically adjusted to 199 days on February 3, 2026. This behavior is intended to prevent unexpected errors and ensure your requests continue to process successfully.
See Moving to 199-day validity for public TLS certificates to learn more about impact to API behaviors and endpoints.
No immediate action is required, but we recommend you prepare for the shortened organization and domain validation reuse period if you rely on instant certificate issuance.
Review your existing organization validation expiration dates.
On February 3, 2026, DigiCert will shorten the reuse period for existing OV organization validations from 825 days to 397 days.
OV organizations that were validated prior to January 3, 2025, will expire immediately on February 3, 2026.
To help you review, DigiCert will display the 397-day OV organization expiration date alongside the current 825-day OV organization expiration date on the organization detail page. This data is available under Certificates > Organizations in your CertCentral account.
If you need to revalidate your organizations before their scheduled expiration date, contact DigiCert Support.
See Organization validation reuse changes for public OV TLS certificates in 2026 to learn more.
Review your existing domain validation expiration dates.
On February 17, 2026, DigiCert will shorten the reuse period for existing domain validations from 397 days to 199 days.
Domains validated prior to August 3, 2025, will expire immediately on February 17, 2026.
To help you review, DigiCert will display the 199-day domain expiration date alongside the current 397-day domain expiration date in CertCentral. This data is available under Certificates > Domains > Domain details in your CertCentral account.
Domains can be revalidated as needed via Certificates > Domains > Domain details.
See Domain validation reuse changes in 2026 to learn more.
No. Existing certificates are not affected when the associated domain or organization validation expires. You can continue to use the certificates until they expire.
No, you don’t need to reissue your existing certificates. You can continue to use them until they expire.
No. You cannot submit a duplicate request if the associated domain or organization validation has expired. Once both the organization and domain validation are up to date (revalidated), you will be able to submit the duplicate request.
Yes. You can still submit a Reissue order request even if the associated domain or organization validation has expired. However, the domain or organization will need to be revalidated before the certificate can be issued.
The maximum certificate validity will be shortened to 47 days by 2029, which will make manual certificate lifecycle management (CLM) impractical. DigiCert strongly recommends you adopt automation solutions through CertCentral and our enterprise certificate management solution, Trust Lifecycle Manager. Contact your account manager if you want to learn more about automation.
See additional resources:
Still need assistance? DigiCert’s support team is happy to help.
-
The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.
-
-
Company
-
My Account
-
Resources
-
Sites
-
© 2025 DigiCert, Inc. All rights reserved.
Legal Repository Audits & Certifications Terms of Use Privacy Center Accessibility Cookie Settings