Ask a Question

Advanced Search

Alert ID : GN270720061110

Last Modified : 07/30/2020

2-year Certificate Availability Ends on September 1, 2020


TLS/SSL certificate validity period shifts to one-year maximum

On September 1, all Certificate Authorities are required to stop issuing 2-year TLS/SSL certificates. The new industry-allowed maximum validity will be 1 year (398 days). DigiCert is limiting the maximum certificate validity to 397 days to account for differences in time zones. This change applies to all publicly trusted TLS/SSL certificates.


What do I need to do?

Take inventory of your current certificates and any new certificates they may need with a 2-year validity, and order them as soon as possible.


Through CertCentral® Partner:

  • DigiCert® will offer 2-year certificates until August 27, 5:59 pm MDT (23:59 UTC) for organizations that are already validated.
  • DigiCert® will offer 2-year certificates until August 12, 5:59 pm MDT (23:59 UTC) for organizations that need to be validated.
  • Any pending 2-year orders that have not been issued by August 27 will convert to a 2-year Multi-year Plan (see below), and the initial certificate will be issued with a validity of 397 days. 

Through the legacy platform:

  • It will be possible to order 2-year validity certificates until August 12. However, we highly recommend placing all orders through CertCentral Partner, which allows for certificate reissues to cover the full two year period.


How will this affect me?

Any pending 2-year certificates that have not been issued by August 27 will follow the new rules. The future certificate can only have a maximum of 397 days, and the balance of time can be claimed by issuing a new certificate for the remaining duration.

Any 2-year certificates issued by August 27 will remain valid until expiration without any modification or replacement. However, as we are unable to reissue 2-year certificates after August 27, any reissues made after that date will be reduced to 397 days.


To learn more about this change, watch our recent webinar, or read our blog


What are my options?

DigiCert® Multi-year Plan coverage

The new industry rules only allow TLS/SSL certificate validity up to 398 days – one year with an additional month for handling renewals. DigiCert knows this reduction in validity, and renewal window, poses a problem for some customers.   

 As a solution, the DigiCert Multi-year Plan is now available  as a new offering to help with the transition to a shorter certificate validity. . 

DigiCert® Multi-year Plan certificates allow your customers to place a TLS/SSL certificate order for up to six years. Although these certificates will still need to be replaced annually per industry guidelines, your customers can eliminate the hassle of annual renewal payments and plan for renewals at their convenience without losing time they have paid for. Multi-year Plan support is available for 2- to 6-year orders.


Benefits of this plan:

  • Expand your certificate offerings to include a “no-hassle” option with multi-year plan certificates in conjunction with automation. 
  • Provides more billing flexibility for you and your customers, and allows you to secure more revenue up-front, while locking your customers into longer terms.  
  • Partners receive a discount on the cost of certificates, that increases with each year of coverage purchased.  
  • Make renewals simpler. Certificate renewals no longer require additional lifetimes added to new certificates. A customer can simply reissue a new certificate for the additional period.
  • Reduce security risks within your customer base. Your customers can efficiently use as many certificates as they need during their purchase period.