TLS / SSL Certificate Lifespan History (2, 3, and 5-year validity)

Question: When will Sectigo stop issuing 2 year Public TLS certificates?
Answer: Two-Year Certificate Phase-Out INDUSTRY MANDATED CHANGE

Starting Wednesday, August 19, 2020, Sectigo will no longer be able to offer two-year public TLS certificates due to an industry-wide requirement set by Apple and Google, stating that any two-year TLS certificate issued after August 30, 2020, will be distrusted in their browsers. Any two-year TLS certificate issued before 12:00am UTC on August 19, 2020, will be valid for two-years (up to 825 days). Beginning August 19, 2020, Sectigo will only be issuing one-year (up to 398 days) TLS certificates. This only applies to public TLS certificates

Question: Will other certificate types be affect by this industry mandated change?
Answer: No. This only applies to public TLS certificates. Private-root and other types of certificates (e.g. Code Signing Certificates, S/MIME certificates, etc.) will be unaffected and will have the same maximum validity that they have today.

Question: Where can I find more information about this change and how can I get help with my questions?
Answer: In preparation for this upcoming industry-wide change, we have prepared a few resources for our customers and partners.

In addition, Sectigo offers Subscription SSL bundles for our partners and direct customers who purchase certificates through our websites. Subscription SSL does not apply to customers using our certificate management solutions. To learn more about Subscription SSL, Contact us ( if you have any questions about how these changes may impact your business

Question: Why did Sectigo stop issuing 3 year certificates?
Answer: This was an industry-wide directive which affects all certificate authorities. In accordance with the CA/Browser Forum Baseline Requirements, effective March 1st 2018, Certificate Authorities (CAs) are no longer able to issue SSL Certificates with a validity period longer than 27 months.

Question: When will the 2-year maximum term limitation take effect?
Answer: March 1st 2018

Question: Is Sectigo the only Certificate Authority to stop issuing 3 year term certificates?
Answer: No, the requirement applies to every CA. If a certificate is issued after March 1, 2018 with a validity period greater than 27 months, the issuing CA will be in breach of the requirements.

Question: Can I renew a 3 year certificate and get another one for the same duration?
Answer: Yes, you can renew or replace an existing 3 year certificate after March 1st 2018, but to make up the full duration, we will issue one certificate for 27 months then a second certificate valid for the remaining time. So, for example, if you renew/replace a certificate with 3 year duration, we will issue a 2 year cert followed by a 1 year cert when the first one expires.

Question: What if I already paid for a 3-year term? Will Sectigo honor my purchase?
Answer: Yes. If you purchased a certificate prior to March 1, 2018 then nothing will change. Your 3 year certificate will remain valid for its full lifetime. If you decide to replace this certificate after March 1, 2018 (or it comes up for renewal) then the new guidelines come into play.

Question: How will I get the remaining time if I renew or replace a 3 year term certificate after March 1, 2018?
Answer: When the initial 825 days (or 27 month) certificate is nearing expiration, log into your account, locate your order and click the ‘Replace’ link.
You will be issued a new certificate for the remaining time.

Question: Does the 2-year maximum term limitation apply to all certificate types (single domain, wildcard, Extended Validation and UCC/MDC)?
Answer: Yes, it applies to all website certificate types. EV certificates currently have a maximum duration of 2 years, so they are already compliant.

Question: Does the time limit apply to code signing certificates?
Answer: No, the limit does not apply to code signing or EV code signing certificates, which will retain a 3 year maximum validity period.

In summary:

  • If you purchased a 3 year certificate prior to March 1, 2018 then nothing will change. The certificate will remain valid throughout its full lifetime.
  • If you renew or replace an existing 3 year certificate AFTER April 1st, then we will issue a 2 year certificate. When your 2 year certificate nears expiry, we will issue another certificate valid for the remaining time. You can claim this 2nd certificate by logging into your account and clicking the ‘Replace’ link when the 2 year certificate nears expiration.
  • All new certificate purchases after March 1, 2018 will be for a maximum of 27 months.

Official CA/Browser Forum: Ballot 193: 825-Day Certificate Lifetimes
Please also consult our Official TLS / SSL Certificate Lifespan document for up-to-date Industry Wide Requirements or changes.