As part of an industry-wide security improvement, the maximum validity period for publicly trusted TLS/SSL certificates is being reduced. Starting in February 2026, Certificate Authorities (CAs) will issue TLS certificates with a maximum validity of 199 days, instead of the current 397 days.
This change is mandated by the CA/Browser Forum Baseline Requirements and applies globally across all major Certificate Authorities.
Why Is This Change Happening?
Shorter certificate lifetimes improve overall internet security by:
- Limiting the exposure of compromised private keys
- Enabling faster adoption of new cryptographic standards
- Reducing reliance on long-lived certificates
- Encouraging automation and modern certificate management practices
This is not a EuroVPS-specific change – it affects the entire TLS ecosystem.
Important Cutoff Dates
Certificate Authorities will enforce the new validity limits on the following dates:
- DigiCert: February 24, 2026
- Sectigo: March 12, 2026
Any certificates issued after these dates will be limited to 199 days of validity, regardless of the product term purchased.
What Does This Mean for EuroVPS Customers?
You can continue purchasing 1-year or multi-year SSL products, but the certificate itself will need to be re-issued approximately every 6 months.
There are two supported approaches to handle this change.
Option 1: Manual Re-Issuance
You may continue using your existing workflow:
- Purchase 1-year or multi-year certificates as usual
- Re-issue and reinstall the certificate every ~199 days
- No additional charges for re-issuance during the product term
Important:
Make sure certificate expiration and renewal notifications are enabled in your account to avoid service interruptions.
This option is suitable for low-volume or manually managed environments.
Option 2: Certificate Automation
Automation removes the operational overhead of frequent re-issuance.
- ACME-based SSL certificates are already available
- Certificates are automatically renewed and installed
- Eliminates manual tracking and renewal risk
For larger or enterprise environments, DigiCert Trust Lifecycle Manager can be used to centrally manage, automate, and audit certificate lifecycles.
Please refer to our ACME-Based Fully Automated SSL Certificate Management documentation and contact us if you need more information.
Additional Technical Considerations
API-Based Certificate Orders
- API orders requesting validity longer than 199 days will still be accepted
- The issued certificate will be capped at 199 days
- The original order term remains unchanged
To avoid confusion, API users should track certificate expiration using the getOrderStatus response parameters.
Validation Reuse Changes (DigiCert)
From February 24, 2026:
- Domain Control Validation (DCV) reuse period reduces from 397 days → 199 days
- Organization Validation (OV) reuse period reduces from 825 days → 397 days
This may require more frequent validation actions for OV certificates.
What Should You Do Now?
- Review your SSL renewal and monitoring processes
- Consider moving critical services to automated certificate management
- Ensure your teams are aware of shorter renewal cycles