SSL certificate lifespans are cut to 47 days. Here’s why and what to do next.
In April 2025, Apple proposed slashing the validity period of public SSL/TLS certificates to just 47 days. This SpaceLama explainer breaks down the reasons behind this shift and what it means for our beloved website owners and businesses.
What’s changing?
Right now, SSL certificates are valid for 13 months (398 days), allowing website owners to renew them once per year, give or take. Yet Apple’s proposal reduces this timeframe by a staggering eight times, to just 47 days!
We should probably stop calling it a proposal, though. The CA/B Forum, the international body that sets standards for digital certificates, has already greenlit this reduction. Major players in the industry, including Sectigo, a leading SSL certificate provider, are on board. For context, back in 2012, certificates were issued for five or even ten years!
Transition timeline
A smooth transition to this new SSL validity standard will kick off in 2026:
- On March 15, 2026 maximum validity drops to 200 days.
- On March 15, 2027 validity will be further reduced to 100 days.
- On March 15, 2029 we will witness the full implementation of the standard and the certificate will become valid for mere 47 days.
Important! Along with the shortened lifespan, a new requirement will come into play: starting in 2029, domain ownership validation will only be valid for 10 days. This means you’ll need to validate your domain more frequently. If validation fails, your certificate won’t be issued, and your website may become inaccessible.
Why is this happening?
Shortening certificate lifespans promotes continuous domain ownership verification, significantly reducing the risk of former domain owners retaining SSL certificates long after transferring control.
According to ICANN, up to 11% of SSL certificates remain active on domains that have already changed hands. Additionally, Sectigo reports that 81% of companies have faced outages due to expired or invalid certificates in the past two years.
The problem arises when a new domain owner inherits an outdated certificate without re-validating it, while the previous owner could still access encrypted data, especially if the infrastructure hasn’t been updated. This creates a serious vulnerability, opening the door to potential man-in-the-middle attacks.
Frequent SSL certificate renewals also enable quicker detection and revocation of compromised certificates, minimizing the impact of hacks and errors while enhancing control over domain ownership.
What does this mean for businesses and website owners?
The shift to shorter SSL certificate lifespans offers several advantages, including enhanced security for websites and users, more flexible security management, and the ability to keep infrastructure up to date.
However, it also presents challenges, such as the need to transition to nearly monthly certificate updates, which can increase manual management hassle.
Additionally, small businesses without technical staff may find it difficult to comply with the new requirements without implementing automation.
How to prepare?
While the final changes won’t take effect until 2029, you need to start preparing now, between 2025 and 2026.
1. Automate certificate management.
Leverage platforms that support ACME and Certificate Lifecycle Management (CLM), like Let’s Encrypt, ZeroSSL, and Sectigo SCM.
2. Update your website infrastructure.
Ensure your server, CMS, or hosting provider supports automatic installation and renewal of certificates.
3. Set up monitoring.
Activate expiration alerts to be warned in advance. This will help you avoid any downtime.
4. Inform your team.
Make sure your administrators, developers, and IT staff are well-versed in the new requirements.
What happens if you forget to renew your SSL?
1. Your site will no longer be secure
Browsers like Chrome, Safari, and Firefox will immediately warn users that your site isn’t secure, displaying messages like “Your connection is not private.”
2. Users may leave the site
Such warnings can drive away most visitors, especially if you run an online store or a payment service. Statistics show that over 80% of users will close a site with an SSL error immediately.
3. Loss of customers, trust, and sales
Expect a drop in traffic and conversions, along with a spike in support requests, leading to financial losses. According to Moldstud, implementing HTTPS can reduce bounce rates by about 30%, and 85% of users avoid sites that don’t use “https://”.
4. SEO and indexing issues
Google ranks sites without HTTPS lower. If your certificate expires, search engines might exclude your pages from their index or impose temporary penalties.
5. Integration and API problems
Many third-party services (like payment gateways, widgets, and APIs) will refuse to function if the connection is insecure, potentially causing errors on your website and in mobile apps.
Why was Apple able to propose this change at all?
While you may think that Apple did this simply to annoy website owners and cause chaos, that’s not the case. The validity period of SSL/TLS certificates is determined not just by certificate authorities (CAs) but also by browser and operating system developers, who ultimately decide which certificates to trust.
Apple is a key player in the CA/B Forum, alongside Google, Mozilla, and Microsoft. If Apple decides not to trust certificates older than 47 days, all sites using those certificates will be flagged as unsafe in Safari. As of February 2025, Safari holds 17.62% of the global browser market, second only to Google Chrome.
Reducing the lifespan of SSL certificates to 47 days isn’t just a policy shift from Apple and Sectigo. It marks a new era in digital identity management. Businesses must become more agile, technologically advanced, and automated.
Is your infrastructure ready to renew certificates every month? If not, now’s the time to make those changes. Missing a deadline isn’t just a slip-up anymore. It could – and probably will – cost you money, clients, and your reputation. Luckily, you can always rely on SpaceLama. Our automated platform ensures your SSL/TLS certificates are always up-to-date, eliminating the risk of expiration and downtime. Enjoy seamless compliance with industry standards, boost customer trust with a secure browsing experience, enhance your SEO rankings, and reduce the workload on your IT team.