What the 2029 47-Day SSL certificates mean for website owners

Over the last few years, website owners have likely noticed a common trend with SSL certificates. SSL lifetime periods have been getting shorter and shorter. And that trend is set to continue. This all came from a ballot we covered in a blog earlier this year. In June 2025, the CA/Browser Forum approved a phased reduction in public TLS certificate validity periods. This year, it was reduced to 200 days. By 2029, it will be 47 days. 

If you’re wondering why these changes are happening and what it means for you, you’ve come to the right place.

Why SSL certificate lifetimes keep getting shorter

When an SSL certificate is issued, the issuing Certificate Authority (CA) verifies various facts about the requester before handing over the SSL. The most basic being domain ownership. Depending on the validation level, they may also perform more in-depth checks about the organization. So, not only does an SSL encrypt the connection between a website and server, but it’s also proof that a website has gained CA approval.

The problem is, the longer a certificate remains valid, the less secure things can become. For example, a domain may change ownership, a private key may be exposed, Validation information may no longer reflect reality, or a certificate may have been misissued. Shorter certificate lifetimes reduce the window in which outdated or compromised information can remain trusted by browsers.

The CA/Browser Forum phased timeline schedule is as follows:

• March 15, 2026: maximum certificate validity was reduced to 200 days
• March 15, 2027: maximum certificate validity reduces to 100 days
• March 15, 2029: maximum certificate validity reduces to 47 days

While this reduction means things will be safer for everyone, website owners and IT teams may need to rethink how domain validation, renewal workflows, notifications, and installation processes are handled.

What 47-day certificates mean for website owners

For a small personal website with one certificate and a good automated setup, the change may not feel dramatic. If renewal and installation already happen automatically, shorter certificate lifetimes may simply become part of the background.

For businesses that still renew certificates manually, the change will likely have more impact. The shorter validity period could lead to:

• Forgetting to renew a certificate
• Renewing the certificate but failing to install it correctly
• Missing domain validation deadlines
• Losing track of certificates across multiple servers or services

When a certificate expires, browsers show security warnings, customers lose trust, APIs may break, and internal tools could become unavailable. For an e-commerce website, even a short outage can mean lost revenue. For SaaS platforms, certificate failures can affect customer access and integrations. For agencies and hosting providers, the risk multiplies across every client site they manage.

Why SSL automation is becoming essential 

With certificate automation, you can avoid everything we discussed in the previous section. Depending on the type of automation, it can handle things like requesting, validating, issuing, installing, renewing, and even replacing the certificate on the server. For small website owners, automation may be as simple as using a hosting provider or SSL store that handles SSL renewals automatically. For larger organizations, it may involve certificate lifecycle management platforms, APIs, ACME clients, DevOps workflows, and monitoring systems.

As a result of these planned changes, this year, SSLs.com will be adding multiple SSL automation methods to make your life easier, including: 

• Web-based automation (SSL Proxy)
• Server-side automation (SSL Genie)
• Automatic domain control validation (DCV) + automatic issuance (manual installation)

What website owners should do now

Don’t wait until 2029 to update your SSL certificate workflow; start preparing now by following this checklist:

• Make an inventory of your certificates – Take note of wherever you have SSL installed, whether it be websites, mail servers, or client portals.
• Find out which renewals are manual – Once you know where certificates exist, identify how each one is renewed. If the answer is “someone handles it manually,” that process needs attention.
• Move toward automation early – Do not wait until certificate lifetimes reach 47 days. It will be much less stressful to test automation while deadlines are still manageable.
• Review your hosting and SSL provider setup – If you rely on a hosting company, CDN, or managed service, ask how they are preparing for shorter SSL lifetimes. If they still do things manually, they may not be ready for 2029.

The takeaway

The move toward 47-day SSL certificates is part of a broader industry shift toward shorter certificate lifetimes. Experts believe this will lead to better validation hygiene and more reliable certificate lifecycle management. The key to making the transition painless is automation. If your certificate process already runs automatically and reliably, you don’t need to change anything. If you still rely on manual renewals, calendar reminders, and last-minute certificate installation, now is the time to update your methods.

FAQ

Are 47-day SSL certificates already required?

No. The final move to 47-day public TLS certificates is scheduled for 2029, with phased reductions before then. 

Will my current SSL certificate stop working?

No. Existing certificates remain valid until their normal expiry date, unless revoked. The changes affect maximum validity periods for certificates issued after the implementation dates.

Does this affect Let’s Encrypt, Sectigo, DigiCert, and SSL.com?

Yes. All publicly trusted certificate authorities must follow CA/Browser Forum and browser root program requirements. 

Is certificate automation becoming mandatory?

No, but it will make life much easier for website owners, particularly if you need to handle multiple SSLs for multiple domains or services.