Will the changes to allowed SSL/TLS certificate lifetimes affect your website?
As web developers, TJS keeps abreast of industry developments and, in our latest guide, we take a look at the duration of SSL/TLS certificates. We’ll look at historical changes to certification lifetimes and the impact of forthcoming changes on your website. Plus, why it pays to have your web developer manage your certificate renewals on your behalf.
What are SSL/TLS certificates?
At its simplest, these certificates protect data sent over the internet, through encryption and verification of the website's identity, keeping information safe while it travels between your website and your visitors.
What happens without SSL/TLS certificates?
• Your visitors will see warnings that your site is ‘Not Secure’.
• Your site will rank lower in search engine results.
• Sensitive information (like payment details, contact forms or login details) could be at risk of exposure.
What does an SSL/TLS certificate actually do?
• Proves your identity – visitors know they’re on a genuine website.
• Encrypts information – data sent between your site and your visitors is made secure so no one else can read it.
• Builds trust – people will have confidence when using your site, and search engines strongly prefer secure websites.
Do SSL/TLS certificates expire?
Yes, SSL/TLS certificates have an expiration date.
Pre-2020, certificates could last up to 3+ years. While this was convenient as you could install one and forget about it for a long time, it wasn’t great for security.
Shorter certificate lifetimes are better as a hacked certificate cannot be misused for as long.
Why reduce SSL/TLS certificate lifetimes?
The system for cancelling compromised certificates isn’t perfect so, because of this, the industry has slowly shortened how long certificates can last as follows:
Pre-2020 – several years (often 2–3+ yrs)
2020–2026 – 398 days (just over one year)
Further changes to certificate length are due to be implemented as follows:
March 2026 onwards – 200 days
March 2027 onwards – 100 days
March 2029 onwards - 47 days
What will shorter certificate timelines mean for you?
In addition to better security, as mentioned above, faster updates will be possible as security improvements can be adopted more quickly.
What does this mean for website owners?
It depends on how your certificates are managed.
Manual certificate renewal - with a one-year certificate, manually renewing might have been manageable, but a 90-day certificate means renewing four times a year, or more if you want to err on the side of caution and be sure your certificate will not run out. If one renewal is missed, visitors to the site will see “Your connection is not private” warnings and may leave. Your search rankings can suffer and your site will look unprofessional.
Automated renewals – automated renewals mean that website owners don’t have to remember anything! Your certificate renews before it expires allowing your website to stay secure without interruption.
Why TJS should handle your certificate renewal
When we manage your SSL/TLS certificates:
• You never have to think about expiration dates.
• Renewals happen automatically.
• The risk of your website suddenly showing security warnings drops dramatically, without the safeguard of https:// at the beginning of your URL.
• You get peace of mind.
• We monitor expiry dates to ensure renewals happen before a problem occurs.
As certificate lifetimes get even shorter, professional management will become more important. While shorter expiry periods might seem like an inconvenience, they make the internet a more secure place for everyone with SSL/TLS certificates essential when running a modern website.
If you’re still renewing certificates manually, now’s the time to switch to automation and let TJS take care of it for you.
Our automated renewals keep your website secure, your customers confident and you free to run your business.
Contact us
If you’d like help setting up automatic renewals or reviewing your website security, contact us today by email at info@tjs.co.uk or telephone on 01507 525500 and ask for Richard.
