The maximum allowed SSL certificate lifetime has decreased over time as browsers and the CA/B Forum have pushed for shorter validity periods to improve security and encourage automation.
Max SSL validity period changes:
- March 12, 2026 – 200 days (just under 7 months)
- August 18, 2020 – 1 year (398 days)
- March 1, 2018 – 2 years (825 days)
Why did I receive an SSL valid for only 200 days?
Industry rules now limit the technical lifetime of an SSL certificate to 200 days. These standards are set by the CA/Browser Forum, a consortium of Certificate Authorities, browser vendors, and technology companies, and apply to every trusted Certificate Authority worldwide.
How 1–5 year plans work under the new limit
Your pricing and billing structure stay the same — you can still purchase SSL coverage for up to five years in advance. Our service operates on a subscription model: you pay upfront for the period you choose, and the time you pay for is the time you receive, with no additional charges.
When you buy a 1–5 year plan, you’re effectively paying in advance for a series of 200-day certificates that will be issued one after another during that period:
- Each 200-day certificate is issued at no additional cost until your full term is completed
- By prepaying, you lock in today’s price and protect against future increases
- You will need to reactivate and reinstall your SSL approximately every 200 days
What reactivation looks like
- Go to My SSL and click the “Renew” filter next to search
- Certificates requiring reactivation will show a “Reactivate” button — select it to enter the activation flow
The process is similar to your initial SSL activation:
- Submit your data to the Certificate Authority.
- Confirm that you control the domain you wish to secure.
- Pass company checks: organization validation for an OV SSL or extended validation for an EV SSL.
- Install the new SSL on your server.
Automation options (coming 2026)
We’re developing several automation features to handle reactivation automatically. First features begin rolling out mid-2026.
| Web-based automation (SSL Proxy) | Server-side automation (SSL Genie) | Auto DCV + auto issuance |
|---|---|---|
| Estimated: July–August 2026 | Estimated: July–August 2026 | Estimated: August–September 2026 |
| Point your domain to our proxy using a DNS record. We handle the entire SSL process for you. | Upload a file or run a single terminal command. No ACME setup required. | Add a CNAME record to your DNS zone. We complete domain validation and issue new certificates automatically. |
| Works with any website regardless of server type, provided your website doesn’t already use a CDN or proxy | Best suited if you need SSL directly on your server and can’t use a proxy due to your specific setup | Ideal if you prefer not to set up full automation but want a simpler reactivation process |
Reactivate vs. Renew: What’s the difference?
- Reactivate: You get a new SSL issued within the period you’ve already paid for
- Renew: Your paid period is ending; you purchase coverage for another term
Both actions involve sending requests to the Certificate Authority, getting an SSL issued, and installing it on your site. For either, you’ll receive email reminders and guided instructions.
What happens if you don’t reactivate?
If you don’t reactivate before expiration, your 200-day SSL will expire. Your website will lose encryption protection, and browsers will flag it as “Not secure.” The certificate status in your dashboard will change to Paused. You can restore a secure connection at any time by completing reactivation — this will issue a new 200-day SSL for free within your prepaid period.