What’s happening with my 1-year SSL Certificate?

Our SSL providers now limits the maximum validity of each certificate to 199 days. As a result, we are updating our processes. The order process for 1-year SSL certificates remain the same. The change affects only the certificate validity period and we are adding automation to ensure your certificates stay active without any extra effort on your part. 

 

Let’s take a deeper look at this: 

 

Changes and Impact 

  1. What is changing?

Starting February 24, 2026 (for DigiCert) and March 12, 2026 (for Sectigo), the maximum validity period for a single SSL certificate is being reduced. 

Regardless of the length of your subscription, the actual certificate file installed on your server will now have a maximum lifespan of 199 days.

 

  1. What is not changing?

Your contract period remains the same. 

You can still purchase a 1-year (365-day) subscription. Your pricing and billing cycle will not change; you still only pay once per year.

We will just reissue mid-year to provide with the providers new rules. We will remind and support you with renewal reminders and there is no changes to your hosting product, just the SSL certificate. 

 

  1. Why is the validity now 199 days? 

This is an industry-wide change mandated by the CA/Browser Forum (the governing body of the SSL industry). 

Shorter lifespans improve security by ensuring that encryption keys are rotated more frequently and that domain ownership is verified more often. 

Our SSL provider is enforcing a shorter maximum certificate period. We will reissue your SSL certificate automatically during your 1 year term to ensure your site remains compliant and secure. 

 

Ordering and Re-issue Process 

  1. How will my 1-year SSL order work now? 

When you buy a 1-year subscription, you are paying for 365 days of coverage. However, because a single certificate can only last 199 days, your 1-year "order" will consist of two consecutive certificates. Halfway through the year, you will perform a "reissue" to get a new certificate for the remaining time.

  • Place your 1-year SSL Order.
  • We issue the first certificate with 199 days validity. 
  • We notify you ahead of expiry to prepare you for your CSR (Certificate Signing Request). 
  • Upload the CSR using our instructions.
  • We issue, notify and share your new certificate.
  • Your SSL coverage continues for the full year without any interruptions

     

  1. What do I need to do?  

When your mid-year certificate is nearing its 199 days limit, you will need to reissue the certificate and install the new certificate file on your server. 

We will notify you well in advance when it is time to do this. You will receive notifications 30 days and 15 days before the expiry date of the active certificate.

When we ask for your CSR, please upload your CSR promptly. 

 

  1. Will I be charged again for the mid-year reissue? 

No. You only pay once per year for your subscription. The mid-year reissue is included in your 1-year contract price at no additional cost. But you have to complete the verification with the CA again.

 

Managing Certificates 

  1. Where can I view my current SSL Certificates and their expiry dates? 

You can manage all your certificates in the Customer Dashboard under the "SSL Certificates" section. There, you can see both your Subscription Expiry (when you need to pay again) and your Certificate Expiry (when you need to reissue/reinstall).

 

  1. What notifications will I receive? 

You will receive the following notifications: 

  • Order Confirmation: Immediately after your 1year purchase (explains the automatic reapply)
  • CSR Reminder: 30 days before expire. Please get your CSR ready.
  • CSR Reminder: 15 days before expiry. Please note this is your final preparation reminder.
  • Certificate Ready: After validation/issuance—we’ll notify you your new certificate is available

Since certificates now expire twice as often, we recommend whitelisting our notification emails to ensure you never miss a deadline.

 

  1. Do I need to change anything on my hosting? 

    Yes. Every time a certificate is reissued, you must upload and install the new certificate file to your web server or hosting.
     
  2. Does this affect DV, OV and EV certificates differently? 

    DV (Domain Validation) handles validation the fastest with validation done on domain control. 

    Meanwhile, OV and EV may require organisation and identity validation. If your validation paperwork stays current, the mid-term reissue is typically faster. Please respond promptly to any validation requests. 

 

Policies and Best Practices 

Can I cancel or get a refund? 

Standard cancellation and refund policies still apply to your purchased term. 

 

Discover our recommended security best practices. 

  • Keep your private key secure and never share it.
  • Use 2048bit or stronger keys.
  • Rotate keys if you suspect compromise and please contact support team immediately.
  • Maintain updated contact emails so you receive all reminders.

     

Why SSL Certificate Lifetimes Are Getting Shorter

The internet is shifting to strong security so SSL certificate lifetimes will drop to 47 days by 2029. What does this mean? 

  • Stronger security: Stolen certificates become useless faster. 
  • Always up-to-date encryption: Frequent renewals prevent outdated security.
  • Easier upgrades Faster transitions to new protections. 
  • Fewer outages: Short lifetimes encourage automation.

     

Why You Should Create New Keys When ReIssuing Certificates

It’s best to generate a new private key every time you re-issue a certificate. Shorter certificate lifetimes only improve security if the key changes too. 

Why it matters: 

  • Stronger security: Long-lived keys are more likely to be exposed – rotating them reduces that risk. 
  • Limits damage: If a key is compromised, renewal and a new key stops attackers from using it long-term. 
  • Future-ready: Frequent key changes make it easier to adopt new algorithms. 
  • Fewer operational mistakes: New keys prevent accidental reuse of old or widely distributed keys. 

Was this article helpful?
0 out of 0 found this helpful