FYI: Shorter SSL Lifespans (Effective March 15, 2026)

Forum|Forum|30 days ago
March 5, 2026
1 reply
60 views

Starting March 15th, new SSL certificates will be valid for only 200 days — about 7 months — instead of a full year. This is an industry-wide change.

SSLs issued before March 15 will keep their full term. However, anything issued after will be required to reissue their certificates every 200 days.

Mark your calendars accordingly. 😉

B i r n o u

Legend

Hi @Nancy OShea ,

Thanks for the information.

Just wondering though, in most hosting environments today SSL certificates are renewed automatically, aren’t they? Many setups already run on shorter cycles (for example Let’s Encrypt) and the renewal is handled in the background by the server or the hosting platform.

So in practice this probably won’t change much for sites where SSL is already automated. It’s more something to keep in mind for environments where certificates are still managed manually.

Nancy OShea

Author

Community Expert

Not necessarily. I purchase & install my own multi-domain certificates from a reputable Certificate Authority (CA). Renewal is not automatic. At each cycle, I generate new CSRs and manually install newly issued certificates on the server.

Free certs offered by web hosts from Cloud Flare or Let’s Encrypt provide low-level protection and no ‘warranty assurance.’ This might be adequate for small vanity sites, but it’s not enough for sites that handle sensitive information.

Types of Validation and Warranty coverage:

Domain Validation (DV): Quick validation that only proves ownership of the domain and offers the lowest warranty coverage.
Organization Validation (OV): Vets the organization’s identity to provide a higher level of trust and provides moderate warranty coverage.
Extended Validation (EV): The highest security level; involves a strict vetting process of the business’ legal identity and offers the highest warranty coverage, over $1 million.

Site Seals: Most insured certificates come with dynamic site seals, which act as a visual indicator of the level of warranty and trust. You typically see Site Seals on reputable e-commerce sites.

Nancy O'Shea— Product User & Community Expert

B i r n o u

Legend

Hello @Nancy OShea ,

That makes sense in setups where certificates are purchased and installed manually. In that case, renewal is indeed something that needs to be handled at each cycle.

In many hosting environments today though, SSL management has become largely automated. Platforms using Let’s Encrypt, AutoSSL, Cloudflare, or infrastructures such as AWS, GCP, Vercel, Netlify or Plesk often handle certificate issuance and renewal automatically in the background, for example through tools like AutoSSL in cPanel. In those setups, shorter certificate lifetimes usually don’t require much manual intervention.

Just to clarify for readers as well: DV, OV and EV mainly differ in the identity validation and warranty aspects, not in the TLS encryption itself. The encryption used between browser and server remains the same; what changes is the level of identity verification and the assurances provided by the CA.

The warranty associated with OV or EV certificates is essentially a commercial assurance from the CA in case of a validation failure, rather than something that affects the strength of the encryption.

From what I’ve been seeing over the past few years, the industry seems to be moving toward shorter certificate lifetimes and more automated certificate management, which probably explains why these changes are happening.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded