SSL certificate validity may be reduced to 47 days
Don't be caught off guard: avoid human error and automate all processes with ACME and Actalis CertiManager
New SSL/TLS validity: roadmap to 2029
New SSL/TLS validity: roadmap to 2029
Following policy decisions by the CA/Browser Forum – the industry body that defines standards and best practices for web security and SSL/TLS certificates – certificate lifetime is expected to be progressively reduced between 2026 and 2029.
These decisions follow a majority vote involving major international stakeholders in the digital ecosystem. The objective is to reduce certificate lifetimes to 47 days, making fully automated certificate management essential, as shorter lifecycles render manual processes impractical and increasingly risky.
Please note the following key milestone dates:
maximum validity
398 days
maximum validity
200 days
maximum validity
100 days
maximum validity
47 days
What does this mean for your organisation?
More frequent certificate renewals and replacements
Stricter compliance requirements aligned with major browser hehpolicies
Increased complexity in expiry tracking and certificate management
Automation is the only effective long-term solution.
What does this mean for your organisation?
More frequent certificate renewals and replacements
Stricter compliance requirements aligned with major browser policies
Increased complexity in expiry tracking and certificate management
Automation is the only effective long-term solution.
Automation as a compulsory standard: which solution should you choose?
By 2029, certificate lifetimes are expected to be reduced to 47 days.
Actalis is the only Italian CA offering both:
- Native ACME automation for fast, scalable operations
- Enterprise-grade governance for complex compliance via Actalis CertiManager
within a single ecosystem.
By 2029, certificate lifetimes are expected to be reduced to 47 days.
Actalis is the only Italian CA offering both:
- Native ACME automation for fast, scalable operations
- Enterprise-grade governance for complex compliance via Actalis CertiManager
within a single ecosystem.
ACME
Fully automated certificate issuance and renewal
Ideal for direct integration with web servers, cloud platforms, CI/CD pipelines and DevOps tools
Processes managed through standard ACME APIs
Reduces human intervention and the risk of errors
Designed for large-scale domain and service management
Actalis CertiManager
Manual and assisted operations: issuing, renewing and revoking
Ideal for simplified IT team management, even without scripting skills
Intuitive interface for centralised lifecycle management
Full monitoring of certificates (status, expiries, issuance) from a single dashboard
Operation history, notifications and reporting
ACME
Fully automated certificate issuance and renewal
Ideal for direct integration with web servers, cloud platforms, CI/CD pipelines and DevOps tools
Processes managed through standard ACME APIs
Reduces human intervention and the risk of errors
Designed for large-scale domain and service management
Actalis CertiManager
Manual and assisted operations: issuing, renewing and revoking
Ideal for simplified IT team management, even without scripting skills
Intuitive interface for centralised lifecycle management
Full monitoring of certificates (status, expiries, issuance) from a single dashboard
Operation history, notifications and reporting
Certificate automation with ACME: Actalis-compatible clients
The following clients support the ACME protocol and are compatible with Actalis Certification Authority services, enabling automated certificate issuance and renewal:
Certbot
win-acme
simple-acme
acme4j
Certify The Web
acme.sh
For containerised and cloud-native environments such as Kubernetes (including Aruba Cloud and other compatible platforms), detailed instructions and configuration examples are available to support integration with Actalis services.
Why automation is the best choice
Actalis's automation solutions allow you to:
Why automation is the best choice
Actalis's automation solutions allow you to:
guarantee service continuity
manage expiry dates
reduce human error and downtime
eliminate the need for internal IT tickets related to renewals and hehexpiries
Actalis transforms a fragmented and complex process into a stable and continuous cycle that no longer requires manual intervention.
This ensures fully transparent certificate provisioning and renewal and, through frequent key rotation, strengthens the overall security of your digital infrastructure.
guarantee service continuity
manage expiry dates
reduce human error and downtime
eliminate the need for internal IT tickets related to renewals and expiries
Actalis transforms a fragmented and complex process into a stable and continuous cycle that no longer requires manual intervention.
This ensures fully transparent certificate provisioning and renewal and, through frequent key rotation, strengthens the overall security of your digital infrastructure.
FAQs
When will the 47-day SSL certificate lifetime come into effect?
The maximum 47-day validity for SSL certificates (now more commonly referred to as TLS certificates) will come into full effect on 15 March 2029.
The reduction in certificate lifetime will not happen immediately. Instead, it will be implemented in multiple phases, following an approved roadmap defined by the CA/Browser Forum in April 2025.
The key lifetime-reduction milestones are as follows:
- Today: maximum validity 398 days
- Certificates issued after 15 March 2026: maximum validity 200 days
- Certificates issued after 15 March 2027: maximum validity 100 days
- Certificates issued after 15 March 2029: maximum validity 47 days
What is the ACME protocol and how does it work with Actalis?
The ACME (Automated Certificate Management Environment) protocol is an open, standardised protocol designed to automate the entire digital certificate lifecycle (issuance, installation, renewal and revocation), eliminating the need for human intervention.
The workflow is based on communication between two main components:
- ACME Client: software installed on the user’s server or environment
- ACME Server: managed by the Certification Authority (CA)
What's the difference between manual and automatic renewal?
Manual and automatic renewal differ mainly in the process and reliability with which a digital certificate’s expiry (SSL/TLS) is handled.
The key differences are outlined below:
| Feature | Manual Renewal | Automatic Renewal (ACME) |
| Human intervention | Required at each phase | Eliminated |
| Workflow | The user must generate a new CSR, upload it, and install the renewed certificate | A software client handles the entire cycle |
| Promptness | Depends on memory and administrator availability; prone to oversight | Triggered automatically days or weeks before expiry |
| Risk of interruption | High if a renewal is missed | Basically zero – guaranteed continuity |
| Scalability | Difficult to manage large numbers of certificates | Designed for high certificate volumes |
| Default protocol | Web interface or limited APIs | Standardised ACME protocol |
Does Actalis CertiManager also manage certificates from other CAs?
Yes, Actalis CertiManager supports the management of certificates issued by other Certification Authorities (CA), with features that vary compared to Actalis-issued certificates.