New SSL certificate rules from March 15, 2026: what website owners need to know

07Mar 2026 by Core

New SSL certificate rules from March 15, 2026: what website owners need to know

Starting March 15, 2026, new rules for SSL/TLS certificates will take effect. The maximum validity period will be reduced almost by half. Previously a certificate could be valid for up to 398 days, but the new limit will be 200 days.

The changes were approved by the CA/Browser Forum, an industry organization that defines security standards for certificate authorities and browser developers.

In practice, this means that the validity period of SSL certificates will gradually become shorter and certificates will need to be renewed more frequently.

Let’s look at what exactly is changing and whether website owners need to take any action.

If your website does not yet use SSL, you can use a free Let’s Encrypt certificate or a commercial certificate with extended validation. More information about available options can be found on the SSL certificates page.

What will change?

The main change concerns the maximum validity period of SSL certificates.

The transition will happen gradually:

Date	Maximum SSL validity period
Before March 15, 2026	398 days
From March 15, 2026	200 days
From March 2027	100 days
From March 2029	47 days

As a result, the industry will gradually move from annual certificates to certificates that are valid only for a few weeks.

The reuse period for domain validation will also be shortened. This means certificate authorities will verify domain ownership more frequently.

Why is the SSL validity period being reduced?

The main reason is improving internet security.

The longer a certificate remains valid, the more time attackers have if a private key is compromised or a configuration error occurs. Shorter validity periods allow potentially vulnerable certificates to be replaced faster.

There are also other reasons:

faster transition to new cryptographic algorithms
more frequent domain ownership verification
preparing infrastructure for future security standards

Will SSL certificates need to be purchased more often?

No. Shorter certificate lifetimes do not mean higher costs.

Commercial certificate authorities already use a subscription model. This means a certificate can be purchased for 1 or 2 years, while it may be reissued several times during that period at no additional cost.

For example:

a certificate is purchased for one year
the first certificate is valid for about 200 days
a new certificate is then issued for the remaining period

This process is called reissue and is a standard practice.

What does this mean for website owners?

The main practical change is that certificates will need to be renewed more often.

Approximate renewal frequency:

in 2026 — about two renewals per year
in 2027 — three or four renewals
after 2029 — renewals may happen every few weeks

If SSL certificates are installed manually, the risk of forgetting to renew them will increase.

Why automatic SSL renewal is becoming the standard

Modern web infrastructure increasingly relies on automation.

If a certificate expires, browsers begin displaying security warnings. This can lead to loss of visitors and reduced trust in the website.

For this reason, most hosting platforms now use automated SSL management.

For example, free Let’s Encrypt certificates can automatically:

be issued
be installed on the server
be renewed before expiration

On web hosting plans, these certificates are usually enabled through the control panel and renewed automatically.

Do hosting clients need to do anything?

In most cases, no.

If you are using a free Let’s Encrypt SSL certificate through the hosting control panel, it will be issued and renewed automatically without any action from the website owner.

Commercial SSL certificates (for example, OV or EV) usually require manual installation and periodic reissuance. Their validity period will also be shortened according to the new industry rules.

When should you pay attention?

You should check your SSL configuration if:

the certificate is installed manually on the server
commercial OV or EV certificates are used
certificates are managed within corporate infrastructure

In these cases it is recommended to configure automatic certificate renewal in advance.

Frequently asked questions

Why is the SSL validity period being shortened?

The goal is to improve security. Shorter certificates reduce risks if a key is compromised or cryptographic algorithms become outdated.

Will I need to pay for SSL more often?

No. Commercial certificates are usually purchased for one or two years and may be reissued multiple times within that period without additional cost.

What happens if an SSL certificate expires?

Browsers will display a security warning. Visitors may not open the website and search engines may reduce trust in the site.

Do hosting users need to take any action?

If you are using a free Let’s Encrypt SSL certificate through the hosting control panel, it is renewed automatically and requires no action.

Summary

Starting in March 2026, the maximum validity period of SSL certificates will be reduced to 200 days. In the future the validity period will become even shorter.

This is part of a global shift toward more frequent certificate renewal and automated security management.

For most website owners these changes will be almost invisible, especially if SSL certificates are managed through the hosting control panel.

Need an SSL certificate for your website?

Our hosting allows you to use free Let’s Encrypt certificates with automatic renewal as well as commercial certificates for projects that require extended validation.

View available SSL certificates

04Nov 2022 by Core

OpenSSL Vulnerability – Update Required

Security

OpenSSL identified a high-risk vulnerability over the weekend and released a patch on November 1st. If you are running OpenSSL on any platform (highly likely), you’ll need to run an update to ensure your connections and infrastructure remain secure. Note: this only affects the OpenSSL library, you do not need to update your SSL certificate(s).

Update immediately if you’re running OpenSSL version 3.0.0 through 3.0.6.

Version update information: https://www.openssl.org/source/.

21Oct 2020 by Core

Estonia was hit by a third wave of malware – always verify the sender’s address before clicking!

News, Security

Please read the official announcement of the State Information Systems Board here

16Jan 2019 by Core

DNS flag day — we are ready

Domains, Security

On February 1, the updated name server standard, EDNS (Extension mechanisms for DNS), will be finally deployed.

In this regard, we inform you that our servers are ready for these changes. All necessary settings are made.

All domains that are served on Core Hosting servers are in order. To check your domains served by other providers, use the link: https://dnsflagday.net/

26Apr 2018 by Core

5 Reasons Your Business Needs HTTPS

Security, SSL Certificates

The rules have changed about what good website security means — starting with a new minimum requirement for all website pages to support encrypted connections. The good news is you’ll gain other valuable benefits by adhering to this new standard. First, let’s get on the same page by reviewing a few basics.

What’s HTTPS?

When your customers land on a web page that’s not protected by any type of SSL Certificate they’ll see http:// at the beginning of the website address in the browser bar. This used to be perfectly fine unless your webpage involved a login ID, password, form or payments. Enter the era of mega cybercrime.

HTTP has one glaring flaw — it’s not secure. Any information transmitted via an HTTP connection is vulnerable to being tampered with, misused or stolen. Your visitors deserve to know any data they share with you is safe from prying eyes.

Installing an SSL Certificate changes the browser bar address to https:// to clearly show visitors the connection is encrypted, meaning the server is authenticated and data is protected in transit. No wonder web browsers have made HTTPS the new standard for website security.

HTTPS Is Good for Your Bottom Line

Enabling encrypted connections is one great reason to protect your website with an SSL Certificate. But, it’s not the only reason. Here are some other ways HTTPS brings value to your business.

Speeds Up Performance

Being the slow kid on the block and the last one picked for dodgeball is a bummer. Being slow online could cost you everything. HTTP is being replaced by a newer faster version — HTTP/2. Encrypted connections are required to unlock the latest speed and security features.

Increases Search Engine Traffic

Google includes SSL as a ranking factor. How’d you like to boost your search visibility up to 5%? Be found above the competition by encrypting every page of your website.

Enables Mobile Options

Salesforce reports 71% of marketers believe mobile is core to their business. Mobile’s most popular features — geolocation, motion orientation, microphone, fullscreen and camera access — require HTTPS to be enabled by most browsers

Protects Your Brand Reputation

A recent CA Security Council Report shows a mere 2% of customers would proceed past the “Not Secure” warnings that are due to kick in July 1 for all webpages without HTTPS connections. Show visitors your brand values their security by protecting your website with an SSL Certificate.

Delivers a Seamless Experience

Don’t let visitors engage with several pages on your site only to be get broadsided with a “Not Secure” warning on pages you haven’t protected. They’ll reward you for taking the extra steps to give them an end-to-end encrypted experience.

Identity Validation Matters

HTTPS is no longer optional if you want to build relationships and a business online. The good news it adds a lot of value to your business. But, SSL Certificates do more than enable HTTPS. They also authenticate, or validate your identity so visitors know it’s really you on the other end of their connection.

We’re here to help you find the right level of validation based on your goals.

Category: Security