SSL certificate validity may be reduced to 47 days

Don't be caught off guard: avoid human error and automate all processes with ACME and Actalis CertiManager

New SSL/TLS validity: roadmap to 2029

New SSL/TLS validity: roadmap to 2029

Following policy decisions by the CA/Browser Forum – the industry body that defines standards and best practices for web security and SSL/TLS certificates – certificate lifetime is expected to be progressively reduced between 2026 and 2029.

These decisions follow a majority vote involving major international stakeholders in the digital ecosystem. The objective is to reduce certificate lifetimes to 47 days, making fully automated certificate management essential, as shorter lifecycles render manual processes impractical and increasingly risky.

Please note the following key milestone dates:

Today
a
Certificates issued after 15 March 2026
a
Certificates issued after 15 March 2027
a
Certificates issued after 15 March 2029
a

maximum validity
398 days

maximum validity
200 days

maximum validity
100 days

maximum validity
47 days

What does this mean for your organisation?

More frequent certificate renewals and replacements

Stricter compliance requirements aligned with major browser hehpolicies

Increased complexity in expiry tracking and certificate management

Automation is the only effective long-term solution.

What does this mean for your organisation?

More frequent certificate renewals and replacements

Stricter compliance requirements aligned with major browser policies

Increased complexity in expiry tracking and certificate management

Automation is the only effective long-term solution.

Automation as a compulsory standard: which solution should you choose?

By 2029, certificate lifetimes are expected to be reduced to 47 days.

Actalis is the only Italian CA offering both:

  • Native ACME automation for fast, scalable operations
  • Enterprise-grade governance for complex compliance via Actalis CertiManager

within a single ecosystem.

By 2029, certificate lifetimes are expected to be reduced to 47 days.

Actalis is the only Italian CA offering both:

  • Native ACME automation for fast, scalable operations
  • Enterprise-grade governance for complex compliance via Actalis CertiManager

within a single ecosystem.

FOR SMEs AND SELF-EMPLOYED PROFESSIONALS

ACME

Fully automated certificate issuance and renewal

Ideal for direct integration with web servers, cloud platforms, CI/CD pipelines and DevOps tools

Processes managed through standard ACME APIs

Reduces human intervention and the risk of errors

Designed for large-scale domain and service management

Enterprise solution

Actalis CertiManager

Manual and assisted operations: issuing, renewing and revoking

Ideal for simplified IT team management, even without scripting skills

Intuitive interface for centralised lifecycle management

Full monitoring of certificates (status, expiries, issuance) from a single dashboard

Operation history, notifications and reporting

FOR SMEs AND SELF-EMPLOYED PROFESSIONALS

ACME

Fully automated certificate issuance and renewal

Ideal for direct integration with web servers, cloud platforms, CI/CD pipelines and DevOps tools

Processes managed through standard ACME APIs

Reduces human intervention and the risk of errors

Designed for large-scale domain and service management

Enterprise solution

Actalis CertiManager

Manual and assisted operations: issuing, renewing and revoking

Ideal for simplified IT team management, even without scripting skills

Intuitive interface for centralised lifecycle management

Full monitoring of certificates (status, expiries, issuance) from a single dashboard

Operation history, notifications and reporting

Certificate automation with ACME: Actalis-compatible clients

The following clients support the ACME protocol and are compatible with Actalis Certification Authority services, enabling automated certificate issuance and renewal:

Certbot

win-acme

simple-acme

acme4j

Certify The Web

acme.sh

For containerised and cloud-native environments such as Kubernetes (including Aruba Cloud and other compatible platforms), detailed instructions and configuration examples are available to support integration with Actalis services.

Why automation is the best choice

Actalis's automation solutions allow you to:

Why automation is the best choice

Actalis's automation solutions allow you to:

guarantee service continuity

manage expiry dates

reduce human error and downtime

eliminate the need for internal IT tickets related to renewals and hehexpiries

Actalis transforms a fragmented and complex process into a stable and continuous cycle that no longer requires manual intervention.

This ensures fully transparent certificate provisioning and renewal and, through frequent key rotation, strengthens the overall security of your digital infrastructure.

guarantee service continuity

manage expiry dates

reduce human error and downtime

eliminate the need for internal IT tickets related to renewals and expiries

Actalis transforms a fragmented and complex process into a stable and continuous cycle that no longer requires manual intervention.

This ensures fully transparent certificate provisioning and renewal and, through frequent key rotation, strengthens the overall security of your digital infrastructure.

FAQs

When will the 47-day SSL certificate lifetime come into effect?

The maximum 47-day validity for SSL certificates (now more commonly referred to as TLS certificates) will come into full effect on 15 March 2029. 

The reduction in certificate lifetime will not happen immediately. Instead, it will be implemented in multiple phases, following an approved roadmap defined by the CA/Browser Forum in April 2025.

The key lifetime-reduction milestones are as follows:

  • Today: maximum validity 398 days
  • Certificates issued after 15 March 2026: maximum validity 200 days
  • Certificates issued after 15 March 2027: maximum validity 100 days
  • Certificates issued after 15 March 2029: maximum validity 47 days

What is the ACME protocol and how does it work with Actalis?

The ACME (Automated Certificate Management Environment) protocol is an open, standardised protocol designed to automate the entire digital certificate lifecycle (issuance, installation, renewal and revocation), eliminating the need for human intervention.

The workflow is based on communication between two main components:

  1. ACME Client: software installed on the user’s server or environment 
  2. ACME Server: managed by the Certification Authority (CA)

What's the difference between manual and automatic renewal?

Manual and automatic renewal differ mainly in the process and reliability with which a digital certificate’s expiry (SSL/TLS) is handled. 

The key differences are outlined below:

FeatureManual RenewalAutomatic Renewal (ACME)
Human interventionRequired at each phaseEliminated
WorkflowThe user must generate a new CSR, upload it, and install the renewed certificateA software client handles the entire cycle
PromptnessDepends on memory and administrator availability; prone to oversightTriggered automatically days or weeks before expiry
Risk of interruptionHigh if a renewal is missedBasically zero – guaranteed continuity
ScalabilityDifficult to manage large numbers of certificatesDesigned for high certificate volumes
Default protocolWeb interface or limited APIsStandardised ACME protocol

Does Actalis CertiManager also manage certificates from other CAs? 

Yes, Actalis CertiManager supports the management of certificates issued by other Certification Authorities (CA), with features that vary compared to Actalis-issued certificates.

Product added to compare.