Become a TechRadar Insider
As SSL/TLS certificate lifespans shrink, IT departments must adapt to faster renewal cycles. This shift toward shorter lifecycles, driven by a need for better security, will soon create immense operational pressure.
We predict major internet instability on October 1, 2026, when expiring SSL certificates could begin disrupting global internet services.
Article continues belowChief Compliance Officer, Sectigo.
For organizations that issue certificates in March 2026, their maximum 6-month (approx. 200-day) term will expire in early October 2026. On the week of October 1, 2026, we expect to see headlines about unexpected outages as the wave of these first short-lived certificates begin to expire.
While some Fortune 500 companies with robust IT teams and abundant resources may weather the storm and avoid disruption thanks to proper planning and implementation of automated certificate management tools, the story will be different for smaller organizations with less resources.
These costly outages will not be isolated to a single company's main website; an expired certificate on an API, an internal service, or a third-party vendor’s system can cause revenue loss or compliance failures.
While organizations with skilled IT teams might resolve these issues within an hour, any small business relying on manual processes or spreadsheets could have unknown, costly recovery times. October 1 will be another wake-up call that shorter certificate lifespans demand proactive management and automation.
The Accelerating Reality of Short-Lived Certificates
The 200-day rule is only the beginning. The phased reduction of certificate lifespans is a long-term roadmap toward a more agile and secure future. This roadmap is mandatory for all public Certificate Authorities and defines a new reality for IT and DevOps teams.
The key dates for the industry-wide change are:
March 15, 2026: Maximum TLS certificate lifespan shrinks to 200 days. The Domain Control Validation (DCV) reuse period also reduces to 200 days.
March 15, 2027: Maximum TLS certificate lifespan shrinks to 100 days, accommodating a three-month renewal cadence. The DCV reuse period also reduces to 100 days.
March 15, 2029: Maximum TLS certificate lifespan shrinks to 47 days, accommodating a one-month renewal cadence. The DCV reuse period drastically reduces to just 10 days.
The final 47-day validity period, which translates to a monthly renewal cycle, will multiply the current renewal workload by a factor of twelve over what it is today.
Managing month-long certificates manually will be nearly impossible; it will shift certificate management from a tolerable annual chore to a perpetual, high-risk operational liability.
This is why the move to shorter certificate term is not just a policy change; it’s a forcing function for automation, essential for maintaining security, reducing the window of potential compromise, and preparing for the next major cryptographic evolution: Post-Quantum Cryptography (PQC).
47-Day Survival Guide Checklist
To avoid the chaos predicted for October 2026 and to ensure your organization thrives during the full transition, certificate management automation is a must. Based on the industry's focus on machine identity, here is a prescriptive checklist to not only eliminate certificate-related outages but also kickstart your organization’s journey towards crypto-agility in preparation for the post-quantum era:
Awareness & Discovery: Raise awareness within your organization about the shift to 47-day certificate lifespans. Simultaneously, perform a comprehensive discovery of all SSL/TLS certificates across your IT infrastructure. This process is crucial to identifying and tracking all certificates, preventing unmonitored or rogue certificates that could cause service outages or security vulnerabilities.
Vendor technology inventory: After discovering your certificates, the next step is to compile a thorough inventory of vendor technologies that rely on SSL/TLS certificates within your IT environment. This inventory helps you prioritize systems and applications based on criticality, ensuring that all key systems are accounted for in your certificate management strategy.
Automation Mapping: ACME (Automatic Certificate Management Environment) is the preferred automation protocol for public certificate issuance and management. It streamlines the lifecycle of digital certificates, reducing manual effort and minimizing the risk of outages. By enabling automation, ACME supports shorter certificate lifespans and helps organizations improve resilience and agility—key steps toward preparing for future cryptographic transitions.
Rollout plan: Developing a comprehensive rollout plan for the adoption of monthly public certificate issuance will begin by a business setting clear objectives and identifying the resources, requirements, and priorities needed for a smooth transition. You will need to determine which systems and certificates will be impacted and ensure that the appropriate automation tools are in place to manage frequent renewals.
Crypto agility: Once all previous steps have been completed, organizations should solidify their readiness by creating a Cryptographic Center of Excellence (CCoE). For larger enterprises, this is essential to ensure crypto agility remains a priority across all departments, with active involvement from the C-suite to ensure buy-in of strategies and processes.
The countdown to 47-day certificates is a countdown to a new reality of machine identity management. The time to transition from spreadsheets to automation is now, well before the next crisis hits.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.