DigiCert KnowledgeBase - Technical Support-hero

Knowledge Base

Moving to 199-day validity for public TLS certificates

Solution ID : ALERT66
Last Modified : 12/23/2025

Per SC081v3, certificate validity goes from 398 to 200 days in 2026

Description

On February 24, 2026, DigiCert will stop accepting public TLS certificate requests with a validity greater than 199 days. 

Additionally, all public TLS certificates issued on or after February 24, 2026, cannot exceed the new 199-day maximum validity. This change affects all DigiCert public TLS products:

  • Public DV TLS products
  • Public OV TLS products
  • Public EV TLS products
  • EU Qualified Website Authentication Certificate (QWAC)
  • EU Qualified Website Authentication Certificate PSD2
Important: DigiCert may update this article if new information becomes available. Save this page and check for updates. The Last Modified date appears under the title.

Why is DigiCert reducing the maximum validity of public TLS certificates to 199 days?

DigiCert is making this change to align with the CA/Browser Forum’s Ballot SC081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods. This ballot sets a timeline for all Certificate Authorities (CAs) to reduce TLS certificate validity from 398 days to 200 days in 2026, 100 days in 2027, and 47 days in 2029. Learn more about Ballot SC081v3.

Note: DigiCert's maximum certificate validities are one day shorter than the maximum validity allowed by the CA/Browser Forum’s, to avoid exceeding the maximum permitted validity.  

 

Maximum validity period of public TLS/SSL in the CA/Browser Forum

Certificate issued Maximum certificate validity   
Before March 15, 2026 398 days
Between March 15, 2026, and March 15, 2027 200 days
Between March 15, 2027, and March 15, 2029 100 days
After March 15, 2029 47 days

Items covered in this article

 

What's changing?

Today, DigiCert issues public TLS certificates with a maximum 397-day validity. On February 24, 2026, DigiCert will issue TLS certificates with a maximum 199-day validity. 199-day maximum validity is the first stage of this multi-phase industry transition to 47-day TLS certificates.

  • Order public TLS certificates with a maximum 199-day validity
    • CertCentral
      On February 24, 2026, you will have three certificate validity options when ordering TLS certificates in CertCentral: 199 days, custom expiration date with a 199-day limit, and custom length up to 199 days.
    • CertCentral Services API
      On February 24, 2026, DigiCert will automatically adjust 1-year public TLS certificate validity to 199 days for requests submitted via the CertCentral Services API. This new behavior is intended to prevent unexpected errors and ensure your requests continue to process successfully.
      See the CertCentral Services API requests will automatically be adjusted to 199 days section in this article.
    • If you want a 397-day public TLS certificate, order it before February 24, 2026,.
      When placing the order, make sure to allow plenty of time to complete the needed domain and organization validations to ensure your certificate is issued before February 24, 2026. The maximum allowed certificate validity is based on when the certificate is issued, not when the order is placed.   
  • DigiCert will issue public TLS certificates with a maximum 199-day validity

    On February 24, 2026,  DigiCert will issue public TLS certificates with a maximum 199-day validity.
    If planning to order 397-day TLS certificates right up until the February 24, 2026, deadline, make sure your domain and organization validations are up to date. TLS certificates issued after February 24, 2026, will have a 199-day maximum validity.

 

What do I need to do?

No immediate action is required. We recommend you prepare for this change:

  • Get your 397-day certificate before DigiCert stops issuing them:

    1. Order your certificates before February 24, 2026. 
      When placing the order, make sure to allow plenty of time to complete the needed domain and organization validations. The maximum certificate allowed validity applies to when the certificate is issued, not when the order was placed.  
    2. Help us issue your certificates before February 24, 2026.

      • Complete domain validation ahead of time
        When ordering OV, or EV TLS certificates, complete domain validation before ordering the certificate. Learn how to validate domains before ordering certificates for them.
      • Make sure your organization validation is up to date
        When ordering OV and EV TLS certificates make sure the organization validation is update to date. Please contact DigiCert support if you need to revalidate your organization.
      • Keep verified contacts informed
        When ordering EV TLS certificates let the verified contacts on your order know you’ve placed the order and encourage them to respond to the approval email as soon as they receive it. Learn how the verified contact order approval process works.
  • Prepare for the future

The maximum certificate validity will shorten to 46 days by 2029, which will make manual certificate lifecycle management (CLM) impractical. DigiCert strongly recommends you adopt automation solutions through CertCentral (like ACME) and Trust Lifecycle Manager.

Contact your account manager if you want to learn more about automation.
 

How does this affect existing public TLS certificates with a validity greater than 199 days

This change doesn’t affect active certificates issued before the February 24, 2026, deadline. These certificates will continue to be trusted until they expire. When the certificate nears its expiration date, you need to renew it with a 199-day certificate.

How does this affect existing 365/397-day TLS certificate reissues and duplicate issues?

The new 199-day maximum validity does impact 365/397-day TLS certificate reissues and duplicates.

  • Before February 24, 2026, when you reissue or duplicate a public TLS certificate, the new certificate can have a validity period of up to 397 days.
  • On or after February 24, 2026, when you reissue or duplicate a public TLS certificate, the new certificate can have a validity period of up to 199 days.

 

How does this affect public TLS certificate renewals?

You can still renew a certificate order as early as 90 days before it expires. As of February 24, 2026, DigiCert will issue your certificate with a 199-day maximum validity.

 

CertCentral Services API requests will automatically be adjusted to 199 days

CertCentral Services API requests will be automatically adjusted to 199 days. This behavior is intended to prevent unexpected errors and ensure your requests continue to process successfully.

In the table below, you can see the details about the API impact for Multi-year Plan (MyP) and non-MyP orders. MyP allows customers to pay a single price for up to three years of TLS/SSL order coverage. If using MyP, you can continue reissuing your certificates at no additional cost until the plan expires.

 

API impact for Multi-year Plan (MyP) and non-MyP orders

       Name                             Req/Opt                         Type           Description for MyP* account Description for non-MyP account                                                                                               
Certificate  required  object  Certificate details  Certificate details
.. cert_validity  optional  object  Defines the validity period of certificates issued for this order. Cannot exceed order validity period.   
.. .. years

 optional  int  1 year certificate validity is automatically adjusted to 199 days. 
Allowed value: 1		 cert_validity.years value is not supported. 
.. .. days  optional  int  Number of days greater than 199 will be automatically adjusted to 199.   
Max:  199		 cert_validity.days value is not supported. 
.. .. custom_expiration_date  optional  string A custom expiration date for the certificate.
Range: Must be within 199days of the date you request the certificate. 		 cert_validity.custom_expiration_datevalue  is not supported.
validity_years

 optional  int Number of years for the order.
Range: 1 - 3 		 1-year validity is automatically adjusted to 199 days.
Allowed value: 1
Custom_expiration_date

 optional  string A custom expiration date for the order. 
Range: Must be within 3 years of the date you request the order. 		 A custom expiration date for the order. 
Range: Must be within 199 days of the date you request the order. 
order_validity  optional  object Defines the validity period of the order. Defines the validity period of the order.
.. years  optional  int Number of years the order is valid.
Range: 1 - 3 		  
1-year validity is automatically converted to 199 days. 
Allowed value: 1
.. days  optional  int Number of days the order is valid.
Max: 1095 		 Number of days greater than 199 will be automatically adjusted to 199.   
Max: 199 
.. custom_expiration_date  optional  string A custom expiration date for the order. 
Range: Must be within 3 years of the date you request the order. 		 A custom expiration date for the order. 
Range: Must be within 199 days of the date you request the order. 

References

  • DigiCert Logo

    The most-trusted global provider of high-assurance TLS/SSL, PKI, IoT and signing solutions.