KNOWNHOST BLOG

From 398 Days to 47: How to Adapt to Shorter SSL/TLS Certificate Lifespans

Last Updated: November 11, 2025

If you manage websites or online services, you’ve probably gotten used to renewing your SSL certificate every year. But that’s about to change. The rules are shifting quickly, and the lifespan of standard SSL/TLS certificates is being shortened to improve web security for everyone.

New requirements from the CA/Browser Forum, the group that sets the standards for certificates and browsers, are pushing the move toward fully automated, short-term certificates. Here’s what’s changing and what it means for you.

The Countdown to 47-Day Certificates

The reduction is being rolled out gradually, which gives website owners and service providers time to adapt to the new standards. Long-term SSL certificates will cease to exist, and shorter certificate lifespans will become the new normal.

To make it crystal clear, here’s the official timeline you need to know:

The Timeline

  • Right Now – March 14, 2026: You can still get certificates with a 398-day lifespan.
  • Starting March 15, 2026: The maximum lifespan drops to 200 days.
  • Starting March 15, 2027: It halves again to a maximum of 100 days.
  • Starting March 15, 2029: We reach the final destination: a maximum lifespan of 47 days.

The main change to note is that the maximum validity for a publicly trusted SSL certificate will soon be limited to just 47 days. It’s a step toward a safer and more efficient web where certificate management happens automatically, with fewer opportunities for human error.

But why all the changes?

It all boils down to security:

  • Less Room for Hackers: If a certificate or its private key gets stolen, a criminal can only misuse it for a short time. A 47-day validity period is a much smaller problem than a 2-year one.
  • Faster Security Upgrades: The web’s security standards are always improving. Shorter lifetimes mean old certificates cycle out faster, ensuring everyone uses modern, stronger cryptography sooner.
  • Better Agility: Need to update your security or comply with a new regulation? With automated short-lived certificates, your entire infrastructure can adapt in weeks, not years.

How KnownHost Makes This Transition Seamless

Managing certificates every 47 days may sound like an insurmountable hassle, but that is the point. Manual management is being phased out in favor of automation. The good news is that for KnownHost clients, robust automation is already built into your hosting environment.

This industry shift is a perfect example of why many businesses choose to migrate from basic shared hosting to a KnownHost VPS or Dedicated Server. Our managed platforms provide the control and flexibility required to implement automated solutions easily.

Here is how we help you stay compliant and secure.

  • Built-in Automation with cPanel & Plesk: Our hosting solutions come with powerful control panels that have integrated support for the ACME protocol. This is the technology that allows for automatic SSL certificate issuance and renewal through services like Let’s Encrypt. Setting up auto-renewal is a simple, one-time configuration.
  • The Managed Hosting Advantage: On a KnownHost Managed VPS or Dedicated Server, our team ensures your underlying operating system and control panel are optimally configured to support these automated security processes. We handle the server management so you can focus on your business.
  • Proactive Security: Our managed hosting environment is designed to help you adopt best practices like these quickly. By leveraging the control we provide, you can ensure your sites are always using valid, up-to-date certificates without the manual hassle.

Note:

This change also impacts a particular type of certificate used for machine-to-machine authentication, such as when devices or users connect securely to a corporate VPN.

Starting June 15, 2025, the Chrome Root Program will no longer accept intermediate certificates that support both server and client authentication. Additionally, all new public SSL/TLS certificates must be dedicated solely to server authentication, requiring separate certificates if client authentication is needed.

From the KnownHost perspective, organisations that rely on this technology should start preparing now. Our VPS and Dedicated Server solutions offer the ideal environment for implementing modern, automated alternatives. These may include setting up a private certificate authority or using other secure authentication methods that eliminate the need for long-term certificates while keeping your systems protected and efficient.

Your Action Plan with KnownHost

Staying ahead of these changes is straightforward with a managed hosting provider like KnownHost.

  1. Enable AutoSSL Now: For the vast majority of KnownHost’s shared, VPS, and dedicated servers using cPanel or Plesk, the AutoSSL feature is your primary tool. You can enable this within your control panel to allow for automatic provisioning and renewal of free SSL certificates, ensuring continuous coverage. This is the simplest step to future-proof your sites.
  2. Audit Your Certificates: Use the SSL/TLS status tools within your cPanel or Plesk control panel to review all installed certificates. Identify any long-lived, third-party commercial certificates that are not set to auto-renew and plan to replace them with an automated solution.
  3. Evaluate Your Hosting Plan: If you are on a shared hosting plan where you have less control over the underlying server configuration, this is an excellent time to consider the benefits of upgrading to a KnownHost Managed VPS or Dedicated Server. These plans offer greater flexibility, root access, and are ideally suited for implementing advanced, automated certificate management across all your services.
  4. Contact KnownHost Support: KnownHost is renowned for its 24/7/365 expert support. If you have specific questions about configuring AutoSSL, need help with a commercial certificate, or want to discuss how your specific plan handles these changes, our support team is always here to assist you.
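For servers where you have shell access, the audit in step 2 can be scripted against the timeline above. The following is an added example, not KnownHost tooling: it assumes each certificate's dates come from `openssl x509 -noout -dates`, and the host names and sample dates are constructed.

```python
from datetime import date, datetime

# Maximum lifetimes from the timeline in this article: (effective date, max days).
LIMITS = [(date(2029, 3, 15), 47), (date(2027, 3, 15), 100),
          (date(2026, 3, 15), 200), (date.min, 398)]
OPENSSL_FMT = "%b %d %H:%M:%S %Y %Z"  # e.g. "Mar 20 00:00:00 2026 GMT"


def max_days_for(issued: date) -> int:
    """Maximum lifetime allowed for a certificate issued on this date."""
    return next(days for start, days in LIMITS if issued >= start)


def parse_dates(text: str):
    """Read notBefore/notAfter from `openssl x509 -noout -dates` output."""
    fields = dict(line.strip().split("=", 1) for line in text.splitlines() if "=" in line)
    return tuple(datetime.strptime(fields[k], OPENSSL_FMT).date()
                 for k in ("notBefore", "notAfter"))


def audit(name: str, text: str, today: date) -> dict:
    """Compare one certificate against the limits that apply to it."""
    not_before, not_after = parse_dates(text)
    lifetime = (not_after - not_before).days  # whole calendar days
    renewal_max = max_days_for(max(not_after, today))  # limit when it is next replaced
    return {
        "name": name,
        "lifetime": lifetime,
        "days_left": (not_after - today).days,
        "over_limit": lifetime > max_days_for(not_before),  # longer than allowed at issuance
        "shorter_on_renewal": lifetime > renewal_max,  # replacement cannot last as long
        "renewal_max": renewal_max,
    }


# Constructed sample data (hypothetical host names, not real certificates).
SAMPLES = {
    "shop.example.com": "notBefore=Feb  1 00:00:00 2026 GMT\nnotAfter=Mar  5 00:00:00 2027 GMT",
    "blog.example.com": "notBefore=Mar 20 00:00:00 2026 GMT\nnotAfter=Jun 18 00:00:00 2026 GMT",
    "vpn.example.com": "notBefore=Apr  1 00:00:00 2027 GMT\nnotAfter=Oct 18 00:00:00 2027 GMT",
}

if __name__ == "__main__":
    for host, dates in SAMPLES.items():
        print(audit(host, dates, today=date(2026, 5, 1)))
```

Certificates flagged `shorter_on_renewal` are the ones whose manual renewal schedule will stop working first, so they are the first candidates to move to automated renewal.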

The move to shorter certificate lifespans is a positive step for a more secure internet. For KnownHost clients, it is a change we are perfectly positioned to handle together. By leveraging the automation and managed services already built into our hosting solutions, you can meet these new requirements with confidence and zero stress. Let us handle the technical details, so you can focus on what matters most.