If you recently renewed or requested an SSL/TLS certificate and noticed that its expiration date is approximately 6 months away instead of the full year you were used to, this is not an error. It is an official, industry-wide change that applies to all certificate authorities worldwide, including DigiCert, Sectigo, GlobalSign, and any other that issues public certificates.

As of February 24, 2026, no certificate authority may issue public TLS certificates with a validity greater than 200 days. This limit will continue to decrease over the coming years, reaching 47 days in 2029.

Why is this change happening?

The reduction in SSL/TLS certificate validity is not a decision made by a single provider, but a resolution approved by the CA/Browser Forum — the international body that sets the rules all certificate authorities and web browsers (Chrome, Firefox, Safari, Edge) must follow.

The change was officially approved through Ballot SC-081v3 and is driven by three main reasons:

• 🔐 Security against compromised keys
  If a certificate's private key falls into the wrong hands, a shorter validity period limits the time an attacker can use it to impersonate a website or intercept communications. With certificates lasting nearly 400 days, a stolen key gave an attacker almost a full year of exposure. With 200 days, that window is cut in half.

• ⚡ Cryptographic agility
  The industry needs to be able to update encryption algorithms more quickly, especially given the rise of quantum computing, which could eventually break current algorithms. Short-lived certificates allow migration to new cryptographic standards without waiting for an entire generation of certificates to expire.

The change schedule

This reduction takes place in three stages over the coming years:

Certificates issued before February 24, 2026 with a 1-year validity are not affected and will remain valid until their original expiration date.

What does this mean for your website?

If your SSL certificate is managed manually — meaning you renew it yourself from cPanel or your control panel — you will need to keep a closer eye on expiration dates. Starting in 2027, and especially in 2029, manual renewal will become very difficult to sustain.

At Webzi, all shared hosting plans include AutoSSL enabled by default. If you have any doubts about your domain's certificate status, you can check it directly from cPanel under the SSL/TLS section.

Frequently asked questions

Will I pay more for renewing the certificate more frequently?

No, the cost does not change even though renewals are more frequent. For paid SSL certificates, most certificate authorities maintain their annual subscription model and absorb the higher issuance frequency internally.

My certificate expired sooner than expected — what do I do?

If your site is showing a warning such as "Your connection is not private" or similar, the certificate has likely expired. You can renew it in the following ways:

• From cPanel → SSL/TLS → Manage SSL Sites, where you can manually install or renew a certificate.

• If you use AutoSSL, you can force a renewal from cPanel → SSL/TLS → AutoSSL → Run AutoSSL.

• If the issue persists, open a support ticket and we will be happy to help you resolve it.

Does this change affect SSL certificates used in internal or private networks?

No. Ballot SC-081v3 applies exclusively to public TLS certificates, meaning those used on websites accessible from the internet. Private PKI certificates (used in internal corporate networks, VPNs, IoT devices, etc.) are not subject to these rules and may continue to have longer validity periods according to each organization's own policies.

The reduction in certificate validity is a gradual, globally coordinated process. The best way to stay prepared is to make sure automatic renewal is enabled and that your account contact details are up to date so you receive expiration alerts in time.

If you have any questions about managing the SSL certificate for your site at Webzi, you can reach us at any time through chat or by opening a ticket from your client panel.