7 reasons automation is the solution to 47-day certificate lifespans Go to 7 reasons automation is the solution to 47-day certificate lifespans
Automation is the only sustainable solution as 47-day certificate renewals become the new standard.
SSL certificate lifespans are shrinking. Manual management won’t keep up.
The new 47-day maximum validity standard for SSL/TLS certificates will require faster renewals. Approved by the CA/Browser Forum in April 2025, this change will be fully enforced starting March 2029. Automate your certificate lifecycle now and stay ahead of outages, risks, and rising complexity.
Talk to one of our experts
47-day SSL/TLS certificates will be the new standard in 2029
The newly approved measure, initially proposed by Apple and endorsed by Sectigo in January 2025, will gradually reduce certificate lifespans from the current 398 days to 47 days through a phased approach.
Ballot SC-081v3 formally passed on April 11th, 2025, putting the phased reduction into effect with the following enforcement dates:
- March 15, 2026: Maximum certificate lifespan reduced to 200 days
- March 15, 2027: Further reduction to 100 days
- March 15, 2029: Final enforcement of the 47-day maximum lifespan
This change, supported by Sectigo—a leading certificate authority— and major browsers like Apple and Google, marks a turning point for digital certificate management. Organizations will now need to renew certificates nearly every month, an unsustainable pace without an automated solution.
Here’s what this means for your business ➔
Manual certificate management is overwhelming
With public certificates needing renewal every 47 days, as opposed to the current 398-day term, businesses will soon face near-monthly renewal cycles rather than annual ones.
Manual certificate management is already difficult and time-consuming. With 47-day certificate validity periods, it will become impossible, especially as the first enforcement milestone approaches in March 2026. Certificate terms will be cut in half, from 398 days to 200 days, effectively doubling the workload for IT and security teams. The time to automate isn’t in 2029. Businesses need to begin preparing now by moving to an automated certificate lifecycle solution.
This shift will dramatically increase the operational workload, leading to:
- 12x more certificates to manage
- 12x more work security and IT teams
- 12x higher risk of missing a renewal and triggering outages
Challenges you might face if you manually manage your digital certificates:
Complexity
Managing multiple validations and configurations is already time-consuming, and shorter certificate lifespans will make it even more difficult.
Risk
Forgotten certificates can lead to security breaches, outages, and dangerous vulnerabilities.
Inefficiency
Manual processes are prone to errors, delays, and security risks.
Certificate outages impact everyone
Around 81% of companies have experienced a certificate-related outage in the past two years. Certificate outages happen when digital certificates expire or become invalid, causing security and operational challenges. Implementing an automated Certificate Lifecycle Management (CLM) solution, such as Sectigo Certificate Manager (SCM), helps prevent outages and disruptions by ensuring certificates are always up-to-date.
What happens if no action is taken
When a certificate expires and isn't renewed on time, it triggers a browser warning informing users that their connection is no longer private, causing them to leave the site, assuming (rightly so) that the site is unsafe. These warnings not only drive customers away but also damage a business's reputation. The financial impact can be severe, with businesses losing both immediate sales and future revenue as digital trust deteriorates.
By the time 47-day certificates become the standard, the time between issue and expiration will be measured in weeks, not months, amplifying the impact of even brief delays in renewal.
But this is just the tip of the iceberg. A missed certificate renewal can also lead to outages, data breaches, service disruptions, and costly non-compliance fines.
It’s time to automate. Here’s your path forward:
Step1: Full SSL/TLS discovery
Carry out a full SSL/TLS certificate discovery for an inventory of both internal and external certificates.
Step 2: Vendor tech inventory
Compile a comprehensive list of vendor technologies that require those certificates to function.
Step 3: Automation mapping
Identify the relevant automation protocols for each technology in your inventory.
Step 4: 47-day rollout plan
Build your deployment plan around key milestones, starting with 200 days in 2026 and reaching 47-day certificates by 2029.
Step 5: Crypto agility
Ensure long-term security and agility for continuous cryptographic readiness.
47-day survival guide
With the CA/B Forum’s official approval of Apple’s proposal for 47-day certificate lifespans, organizations must begin preparing now. Manual management simply won’t scale. Download our free survival guide to ensure your team is ready for the transition.
Maximize ROI before 47-day certificate lifespans
Are you ready for 47-day certificate lifespans? Our 47-Day ROI Calculator helps you quantify the business impact and savings of automating certificate lifecycle management today. In minutes, you’ll see exactly how much time, money, and risk you can eliminate by preparing for shorter certificate lifespans before they become a costly operational burden. Start calculating your ROI now and take control before the clock runs out.
Related Resources
