Beginning in 2026, major web browsers and publicly trusted Certificate Authorities (CAs) are introducing new industry‑wide rules that shorten the permitted lifespan of SSL/TLS certificates. These changes affect all certificate providers, all brands, and all website owners.
This article explains:
What’s changing and when
The difference between purchase term and certificate validity
How many certificates you will receive in a 1‑year term (for 2026 → 2029)
What DCV is and when you may need to complete it
What OV/EV validation reuse means
How Webnames.ca is adapting (AutoInstall, ACME, multi‑year terms, reminders)
What you need to do based on your hosting setup
1. What Is Changing?
Beginning March 15, 2026, the maximum validity of any new publicly trusted SSL/TLS certificate will be:
2026: up to 200 days
2027: up to 100 days
2029: up to 47 days
These validity limits apply to the individual certificate file, not your purchase term.
Why is this happening?
This is an industry initiative led by browsers and Certificate Authorities to:
Reduce the time compromised certificates can be used
Improve cryptographic agility
Encourage automation and reduce manual errors
These changes apply globally and are not specific to Webnames.ca.
2. Your Purchase Term Is Not Changing
You will continue to be able to buy:
1‑year SSL certificates and multi‑year SSL purchases (2 and 3 years).
What is changing?
The individual certificate files issued during your term will now be shorter in duration.
This means:
A single purchase will produce multiple certificates over time
Each reissued certificate is included at no additional cost
3. How Many Certificates Will I Receive in a 1‑Year Purchase?
Here are the upcoming issuance patterns:
2026 – 1‑Year Purchase
Certificate #1 — valid for up to 200 days
Certificate #2 — automatically issued for the remaining ~165 days
2029 – 1‑Year Purchase
Certificate #1 — 47 days
Certificate #2 — ~47 days
Certificate #3 — ~47 days
Certificate #4 — ~47 days
Certificate #5 — ~47 days
Certificate #6 — ~47 days
Certificate #7 — ~47 days
Certificate #8 — remaining days in the year
Reissuance Process
You will receive a reminder approximately three weeks before your certificate’s validity period ends.
At that point:
Reissue your certificate
Complete validation (if required)
Install the updated certificate on your server
All replacement certificates are included in your original purchase.
4. Domain Control Validation (DCV)
(What it is and when you’ll need it)
DCV is how you prove that you control the domain name associated with an SSL certificate.
You may complete DCV in one of two ways:
Email validation
Approving an email sent to a domain‑based address (e.g., [email protected]).
DNS record validation
Adding a temporary DNS record containing a verification value.
Will I need to repeat DCV?
It depends on timing.
The DCV reuse period is tied to certificate validity:
2026: up to 200 days
2027: up to 100 days
2029: up to 10 days
If a renewal or reissue falls outside the reuse window, you will be asked to repeat DCV. Customers using automated solutions (AutoInstall or ACME) often do not notice these steps because the system handles them.
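The issuance pattern from section 3 and the DCV reuse windows above, worked through as a planning script that lists each certificate in a term, its reminder date, and whether DCV has to be repeated. This is an added example, not Webnames.ca code, and the function names (limits_on, plan_term) are illustrative. It assumes the 2027 and 2029 limits also begin on March 15, that each certificate is reissued on the day the previous one ends, and that DCV is completed on the day of issuance.

```python
from datetime import date, timedelta

# (effective date, max certificate validity in days, DCV reuse window in days).
# The 200/100/47 and 200/100/10 figures and the March 15, 2026 start come from
# the article; the March 15 start for the 2027 and 2029 steps is an assumption.
LIMITS = [
    (date(2026, 3, 15), 200, 200),
    (date(2027, 3, 15), 100, 100),
    (date(2029, 3, 15), 47, 10),
]
REMINDER_DAYS = 21  # "approximately three weeks" before validity ends


def limits_on(day):
    """Return (max_validity, dcv_reuse) in force for a certificate issued on `day`."""
    current = None
    for effective, validity, reuse in LIMITS:
        if day >= effective:
            current = (validity, reuse)
    if current is None:
        raise ValueError("issuance date predates the 2026 limits")
    return current


def plan_term(start, term_days=365):
    """Tile a purchase term with back-to-back certificates, as section 3 does."""
    term_end = start + timedelta(days=term_days)
    issued, last_dcv, plan = start, None, []
    while issued < term_end:
        max_validity, dcv_reuse = limits_on(issued)
        validity = min(max_validity, (term_end - issued).days)
        # DCV is repeated if it was never done or is older than the reuse window.
        repeat_dcv = last_dcv is None or (issued - last_dcv).days > dcv_reuse
        if repeat_dcv:
            last_dcv = issued
        expires = issued + timedelta(days=validity)
        plan.append({
            "issued": issued,
            "validity_days": validity,
            "expires": expires,
            "reminder": expires - timedelta(days=REMINDER_DAYS),
            "repeat_dcv": repeat_dcv,
        })
        issued = expires
    return plan
```

A term that straddles a limit change picks up the shorter validity at its next reissue, so a 1‑year purchase starting in December 2026 yields three certificates rather than two.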
5. OV and EV Validation Reuse (Corporate Customers Only)
If you use OV (Organization Validated) or EV (Extended Validation) certificates:
Your organization’s identity will be revalidated approximately once every 398 days.
This is separate from DCV and focuses on verifying your business identity and documentation.
6. Manual vs. Automated Certificate Management
As validity periods shorten, manual certificate management becomes more frequent.
Manual tasks include:
Reissuing certificates
Completing DCV
Installing certificates
Restarting services
Automation is strongly recommended
Webnames.ca offers two approaches:
Plesk AutoInstall SSL
Automatically reissues, validates, and installs certificates
No customer action required
ACME Automation (rolling out in 2026)
ACME (Automated Certificate Management Environment) is the industry standard for automating:
Certificate issuance
Domain validation
Installation
Renewal (rotation)
ACME Availability Timeline
Webnames is rolling out ACME‑enabled SSL subscriptions in phases:
Available end of May (DV certificates)
Sectigo ACME Certificate‑as‑a‑Service (DV)
PositiveSSL ACME Certificate‑as‑a‑Service (DV)
RapidSSL and GeoTrust automation‑enabled plans
Coming Soon
June 2026: Thawte certificates
July 2026: Multi‑domain and FLEX certificates
August 2026: OV and EV certificates (DigiCert and Sectigo)
Availability varies by certificate type and brand.
Important note on automation vs renewal
ACME automates certificate issuance and rotation. Your subscription (coverage period) renews separately, regardless of whether ACME is used.
7. What You Need to Do Based on Your Hosting Setup
A) Retail customers hosting outside Webnames.ca
(e.g., cPanel, WordPress hosting, third‑party providers)
Certificates will need to be updated more often
Ask your hosting provider if they support automated SSL updates
If not, you or your webmaster must:
reissue certificates
install them regularly
You may also receive DCV emails or need DNS updates.
B) Webnames.ca Plesk Hosting (AutoInstall)
No action required.
Certificates are automatically reissued and installed
Workflow remains unchanged
DCV usually occurs automatically
C) Corporate / IT‑Managed Environments
Manual processes will become increasingly time‑consuming
Begin planning for:
ACME adoption
automation strategy across environments
Consider multi‑year purchases
Review monitoring and validation workflows
8. How Webnames.ca Is Supporting These Changes
We are committed to making this transition as smooth as possible.
What we’re doing:
Updating Plesk AutoInstall for compatibility
Rolling out ACME‑enabled SSL subscriptions
Introducing multi‑year SSL purchases (1–3 years)
Enhancing reissue reminders and notifications
Expanding Knowledge Base documentation
Developing an automation agent for non‑ACME environments (availability is TBA)
Transitioning to ACME
You do not need to make changes mid‑term. To adopt automation:
Continue using your current certificate until expiry
At renewal, choose an ACME‑enabled subscription (if available)
Configure automation in your environment
If your certificate type is not yet supported, you can transition at a future renewal.
Where to learn more:
Our in‑depth blog post summarizes the changes and how to prepare:
👉 https://blog.webnames.ca/how-to-prepare-for-2026-ssl-validity-changes/




