Shortened TLS/SSL Certificate Validity:
Frequently Asked Questions

DigiCert will meet the first phase of the industry’s move toward 47-day certificates on February 24, 2026, at 18:00 UTC.

Starting at that time, all public TLS/SSL certificates issued by DigiCert will have a maximum validity of 199 days, including EU Qualified Website Authentication Certificate (QWAC) and QWAC PSD2 certificates. Be sure to complete any order requests with greater than 199-day validity well before this date.

Note: This change applies to reissued certificates as well, even if the original certificate’s validity period exceeds 199 days.

See Moving to 199-day validity for public TLS certificates to learn more.

Related OV organization validation change

• February 24, 2026, at 18:00 UTC – DigiCert’s domain validation reuse period will be shortened from 825 to 397 days. OV organizations must now be revalidated every 397 days. 
   
  Note: DigiCert’s validation reuse period for existing OV organizations will also be shortened to 397 days on February 24.
   

Related domain validation change:

• February 24, 2026, at 18:00 UTC – DigiCert’s domain validation reuse period will be shortened from 397 days to 199 days.  
   
  Note: DigiCert’s validation reuse period for existing domains will also be shortened to 199 days on February 24.

DigiCert is enforcing the change earlier to ensure all systems are fully aligned and stable ahead of March 15, and to prevent any risk of issuing certificates that exceed the CA/B Forum's new 200-day limit.

DigiCert sets the maximum validity period one day shorter than the CA/Browser Forums' hard 200-day maximum to avoid any risk of exceeding the permitted validity due to time calculations or edge cases. In fact, the CA/Browser Forum itself also recommends aiming for 199 days in the TLS Baseline Requirements, Section 6.3.2.

Certificate validity changes

• Public EV products

• Public OV products

• Public DV products

• EU Qualified Website Authentication Certificates (QWAC)

• EU Qualified Website Authentication Certificates PSD2 (QWAC PSD2)

OV organization validation reuse changes

• Public OV products

• X9 certificates that leverage OV organization validation

Domain validation reuse changes

• Public EV products

• Public OV products

• Public DV products (CIS customers only)

• EU Qualified Website Authentication Certificates (QWAC)

• EU Qualified Website Authentication Certificates PSD2 (QWAC PSD2)

• PKIo Private Services Server

• X9 for TLS

• CertCentral

• CertCentral Europe

• Trust Lifecycle Manager

API order requests with a validity period greater than 199 days will be automatically adjusted to 199 days on February 24, 2026. This change is intended to prevent unexpected errors and ensure your requests continue to process successfully.

See CertCentral Services API requests will automatically be adjusted to 199 days to learn more about impact to API behaviors and endpoints.

Learn more

No. Your existing certificates will not be impacted by the change on February 24. Certificates issued prior to February 24 will remain valid through their original expiration date.

To learn more, see: 

• Organization validation reuse changes for public OV TLS certificates in 2026

• Domain validation reuse changes in 2026

No. Existing certificates are not affected when the associated domain or organization validation expires. You can continue to use the certificates until they expire.

No, you don’t need to reissue your existing certificates. You can continue to use them until they expire.

No. You cannot submit a duplicate request if the associated domain or organization validation has expired. Once both the organization and domain validation are up to date (revalidated), you will be able to submit the duplicate request.

Yes. You can still submit a reissue order request even if the associated domain or organization validation has expired. However, the domain or organization will need to be revalidated before the certificate can be issued.

The maximum certificate validity will be shortened to 47 days by 2029, which will make manual certificate lifecycle management (CLM) impractical. DigiCert strongly recommends you adopt automation solutions through CertCentral and our enterprise certificate management solution, Trust Lifecycle Manager. Contact your account manager if you want to learn more about automation.

See additional resources:

• 47 days: The New certificate Lifetime Proposed by Apple

• TLS Certificate Lifetimes Will Officially Reduce to 47 Days

• Why Certificate Automation is an Absolute Must

• How-and-why-to automate certificate management

Still need assistance? DigiCert’s support team is happy to help.