
Understanding the 2026–2029 SSL/TLS Certificate Validity Changes

What’s changing, why it’s changing, and how Webnames.ca is helping you stay secure

Written by Garrett Saundry
Updated today

Beginning in 2026, major web browsers and publicly trusted Certificate Authorities (CAs) are introducing new industry‑wide rules that shorten the permitted lifespan of SSL/TLS certificates. These changes affect all certificate providers, all brands, and all website owners.

This article explains:

  • What’s changing and when

  • The difference between purchase term and certificate validity

  • How many certificates you will receive in a 1‑year term (for 2026 → 2029)

  • What DCV is and when you may need to complete it

  • What OV/EV validation reuse means

  • How Webnames.ca is adapting (AutoInstall, ACME, multi‑year terms, reminders)

  • What you need to do based on your hosting setup


1. What Is Changing?

Beginning March 15, 2026, the maximum validity of any new publicly trusted SSL/TLS certificate will be:

  • 2026: up to 200 days

  • 2027: up to 100 days

  • 2029: up to 47 days

These validity limits apply to the individual certificate file, not your purchase term.

Why is this happening?

This is an industry initiative led by browser vendors and Certificate Authorities to improve internet security by:

  • reducing the time compromised certificates can remain active,

  • reducing reliance on outdated cryptographic practices,

  • encouraging automation and more reliable certificate rotation.

These changes apply globally and are not specific to Webnames.ca.


2. Your Purchase Term Is Not Changing

You will continue to be able to buy:

  • 1‑year SSL certificates, and

  • beginning later this year, multi‑year SSL purchases (1–3 years).

What is changing?

The individual certificate files issued during your term will now be shorter in duration.

This means a 1‑year SSL purchase will consist of multiple certificates, issued one after another, at no additional cost.


3. How Many Certificates Will I Receive in a 1‑Year Purchase?

Here are the upcoming issuance patterns:

2026 – 1‑Year Purchase

  • Certificate #1 — valid for up to 200 days

  • Certificate #2 — automatically issued for the remaining ~165 days

2029 – 1‑Year Purchase

  • Certificate #1 — 47 days

  • Certificate #2 — ~47 days

  • Certificate #3 — ~47 days

  • Certificate #4 — ~47 days

  • Certificate #5 — ~47 days

  • Certificate #6 — ~47 days

  • Certificate #7 — ~47 days

  • Certificate #8 — remaining days in the year

You will begin receiving notices three weeks prior to the end of your certificate's validity period. This will be your signal that reissuance of your certificate is required. The email notice will contain a link to initiate the reissuance of your certificate. Once reissued, install the new certificate on your web server in the same manner that you did with your initial certificate. All reissued replacement certificates are included in the cost of the original purchase.


4. Domain Control Validation (DCV)

(What it is and when you’ll need it)

DCV is how you prove that you control the domain name associated with an SSL certificate.

You may complete DCV in one of two ways:

  1. Email validation
    Approving an email sent to a domain‑based address (e.g., [email protected]).

  2. DNS record validation
    Adding a temporary DNS TXT record containing a verification value.

Will I need to repeat DCV?

It depends on timing.

The DCV reuse period is tied to certificate validity:

  • 2026: up to 200 days

  • 2027: up to 100 days

  • 2029: up to 10 days

If a renewal or reissue falls outside the reuse window, you will be asked to repeat DCV. Customers using automated solutions (AutoInstall or ACME) often do not notice these steps because the system handles them.
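
The issuance pattern from section 3 combined with the DCV reuse windows above, as an added example (not Webnames.ca code): a Python planner that lists each certificate in a purchase term and flags the reissues that need fresh DCV, including a term that crosses a limit change, which the page does not walk through. It assumes back-to-back reissue on the day the previous certificate ends, DCV completed on the issue date, and that the 2027 and 2029 limits also start on March 15; `PHASES`, `limits_on` and `plan_term` are names made up for the example.

```python
from datetime import date, timedelta

# (effective date, max certificate validity, max DCV reuse) in days.
# The page gives March 15 only for 2026; the same day in 2027 and 2029
# is an assumption of this example.
PHASES = [
    (date(2026, 3, 15), 200, 200),
    (date(2027, 3, 15), 100, 100),
    (date(2029, 3, 15), 47, 10),
]


def limits_on(issued):
    """Return (max_validity_days, dcv_reuse_days) for an issuance date."""
    current = None
    for effective, validity, reuse in PHASES:
        if issued >= effective:
            current = (validity, reuse)
    if current is None:
        raise ValueError("issuance date precedes the first phase on the page")
    return current


def plan_term(start, term_days=365):
    """Plan back-to-back certificates covering a purchase term.

    Each entry: issue date, validity in days, and whether DCV must be
    completed again because the last validation is older than the reuse limit.
    """
    plan, issued, end = [], start, start + timedelta(days=term_days)
    last_dcv = None
    while issued < end:
        max_validity, reuse = limits_on(issued)
        days = min(max_validity, (end - issued).days)
        # Reuse is allowed while the validation age is <= the limit.
        needs_dcv = last_dcv is None or (issued - last_dcv).days > reuse
        if needs_dcv:
            last_dcv = issued
        plan.append({"issued": issued, "days": days, "dcv": needs_dcv})
        issued += timedelta(days=days)
    return plan


if __name__ == "__main__":
    for start in (date(2026, 4, 1), date(2027, 1, 10), date(2029, 4, 1)):
        print(f"1-year term starting {start}:")
        for n, cert in enumerate(plan_term(start), 1):
            dcv = "DCV required" if cert["dcv"] else "DCV reused"
            print(f"  #{n} issued {cert['issued']} for {cert['days']} days, {dcv}")
```

Under these assumptions a 2029 term yields eight certificates and every one of them falls outside the 10-day reuse window, so each reissue carries its own DCV step.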


5. OV and EV Validation Reuse (Corporate Customers Only)

If you use OV (Organization Validated) or EV (Extended Validation) certificates:

  • Your organization’s identity will be revalidated approximately once every 398 days.

This is separate from DCV and focuses on verifying your business identity and documentation.


6. Manual vs. Automated Certificate Management

As certificate validity periods shorten, manual certificate management tasks will need to be performed much more frequently.

Manual management includes:

  • Reissuing certificates

  • Completing DCV

  • Downloading updated certificate files

  • Installing certificates on your server

  • Restarting services if required

This can be time‑consuming, especially for environments with multiple domains or servers.

Automation is strongly recommended

Webnames.ca offers two approaches:

  1. Plesk AutoInstall SSL (Webnames hosting customers)

    • Automatically reissues, validates, and installs certificates

    • No customer action required

  2. ACME (coming summer 2026)

    • Industry‑standard automation used by modern servers, VMs, cloud platforms, proxies, and ingress controllers

    • Manages certificate ordering, DCV, issuance, installation, and renewal

    • Suitable for corporate and technical environments

Webnames will also offer an agent‑based automation option for systems without native ACME support.


7. What You Need to Do Based on Your Hosting Setup

A) Retail customers hosting outside Webnames.ca

(e.g., cPanel, WordPress hosting, third‑party providers)

  • SSL updates will happen more often.

  • If your hosting provider supports automated SSL installation (ACME, cPanel AutoSSL, etc.), ask if they can configure it for you.

  • If not, you or your webmaster will need to manually install new certificates throughout the year.

  • Be prepared for occasional DCV confirmation emails or DNS updates.


B) Webnames.ca Plesk Hosting (AutoInstall)

No action required.

  • AutoInstall will automatically reissue, validate, and install certificates.

  • You’ll still receive renewal notices, but nothing in your workflow changes.

  • DCV may occur in the background automatically.


C) Corporate / IT‑Managed Environments

  • Manual updates will be required more frequently if automation is not enabled.

  • Begin planning for ACME adoption or agent‑based automation.

  • Consider multi‑year purchases to reduce procurement cycles.

  • Review internal certificate tracking and monitoring processes.

  • Ensure your DCV and OV/EV documentation workflows are ready for increased cadence.


8. How Webnames.ca Is Supporting These Changes

We are committed to making this transition as smooth as possible.

What we’re doing:

  • Updating Plesk AutoInstall for full compatibility

  • Launching ACME automation (summer 2026)

  • Introducing multi‑year SSL purchases (1–3 years)

  • Improving automated reissue reminders

  • Updating our Knowledge Base with configuration guides

  • Providing a Webnames‑developed certificate management agent for environments without ACME

Where to learn more:

Our in‑depth blog post summarizes the changes and how to prepare:
👉 https://blog.webnames.ca/how-to-prepare-for-2026-ssl-validity-changes/
