A major shift in web security is on the horizon. Big tech players and certificate authorities have agreed to slash the lifespan of TLS certificates—again. By 2029, these digital certificates, which are essential for secure HTTPS connections, will be valid for just 47 days.
The move builds on a 2020 decision by browser makers like Google, Apple, and Mozilla to cut the maximum validity from 825 days to 398. That change aimed to tighten web security and reduce the window of exposure if a certificate is compromised. Now, with consensus reached at the CA/Browser Forum—a group that includes certificate authorities and browser vendors—TLS certificates will become even shorter-lived.
The rollout will be gradual. Starting March 15, 2026, TLS certificates will drop from 398 days to 200. One year later, they’ll fall again to 100 days. Then, by March 15, 2029, the maximum certificate lifespan will be just 47 days.
This timeline has the backing of some of the internet’s most influential players. Companies like Microsoft, Apple, Google, Mozilla, Amazon, Sectigo, DigiCert, SSL.com, GoDaddy, and Entrust have all agreed to the plan. While some members abstained, none voted against it.
Shorter certificate lifespans make the internet safer by reducing the time malicious actors have to exploit compromised or misissued certificates. But the change isn’t without its hurdles—especially for organizations that still renew their certificates manually. Updating certificates every few weeks could overwhelm teams without the right tools.
That’s where automation comes in. Certificate authorities have been steadily improving automation tools to make certificate renewal smoother and faster. The hope is that shorter lifespans will push more organizations to adopt these systems.
DigiCert, one of the largest certificate providers, emphasized that this shift won’t raise costs. TLS certificates are already sold on an annual subscription basis, so renewing more often doesn’t necessarily mean paying more. In fact, DigiCert noted that many users who automate certificate management tend to switch to shorter cycles on their own.
They also stressed that by the time TLS certificate lifespans reach 100 days in 2027, manual renewals will likely be too impractical to sustain. As a result, organizations are expected to embrace automation well before the final 2029 changes kick in.
With this agreement in place, the countdown begins. The future of secure web communication is not just about encryption—it’s also about keeping that encryption up to date, fast.
