Knowledge Base

Effective Date: March 15, 2026 
Impacted: SCM Enterprise customers using Domain pre‑validation and Partner‑managed end customers performing DCV, Retail SSL customers. 

Overview 

Beginning March 15, 2026, all Certificate Authorities must shorten the maximum TLS/SSL certificate lifespan from 398 days to 200 days. The same reduction applies to DCV (Domain Control Validation) reuse. This policy was introduced through CA/Browser Forum Ballot SC081v3. 

To learn more, see the official Baseline Requirements: 

https://cabforum.org/working-groups/server/baseline-requirements/documents/CA-Browser-Forum-TLS-BR-2.1.6.pdf 

If you are a partner or retail customer, please click on the below link for further details.:
DCV Reuse Reduction to 200 Days – Implementation & Guidance for Partner customers and Retail Customers  | Sectigo® Official 

If you are an Enterprise customer, please continue reading below.:

This change directly impacts how long Domain Control Validation exists, and future DCV records remain valid for certificate issuance. Many DCV records currently visible in Sectigo Certificate Manager (SCM) will expire earlier than displayed and may require immediate revalidation to avoid issuance failures. 

Sectigo is actively updating SCM to reflect the correct expiration logic and will provide additional tooling and guidance as the transition approaches. 

What Is Changing? 

DCV Reuse Reduction 

Beginning March 15, 2026: 

• Maximum DCV reuse is reduced to 200 days from the date of validation. 

• All existing DCV records regardless of original validation date will be capped at 200 days. 

• Any DCV record older than 200 days will no longer be eligible for certificate issuance or reissuance from March 15, 2026. 

Impact to SCM 

• Current SCM expiration dates for domain pre‑validation may appear inaccurate until updates are completed. 

• Some domains will expire earlier than indicated in the interface. 

• Sectigo will synchronize SCM to reflect the 200‑day maximum and provide improved reporting on affected domains. 

 

Why This Matters 

Customers with large DCV inventories may encounter: 

• Potential production impact on certificate issuance beginning March 15, 2026 

• Disruption to manual issuance workflows, automated pipelines, ACME, and integration‑based issuance 

• Increased operational overhead without early remediation 

To avoid service impacts, domains validated before September 2025 should be reviewed and renewed proactively. 

 

Sectigo Mitigation Actions 

Sectigo is implementing the following measures: 

Early Renewal Support 

SCM already allows early DCV renewal to support ahead‑of‑deadline remediation. 

SCM Enhancements 

• Synchronization of displayed expiration dates with the mandated 200‑day window 

• Evaluation of bulk update options 

• Additional DCV reporting to identify at‑risk domains 

• Release of updated communications, guidance, and documentation 

Enhanced Validation Options 

The industry has introduced persistent DNS TXT records (SC088 ballot), which Sectigo sponsored. 
This method allows: 

• A single persistent DNS TXT record per domain 

• Automated recurring validation checks by Sectigo 

• Minimal DNS‑side operational overhead once configured 

 

Required Customer Actions 

Customers should complete the following before March 15, 2026: 

Review and Renew DCV Records 

• Prioritize domains validated before September 2025 

• Revalidate any domain approaching or exceeding 200 days of age 

Validate Certificate Workflows 

• Review automation, ACME, and any issuance systems that rely on pre‑validated domains 

• Confirm issuance processes will not fail due to shortened DCV validity 

Improve Monitoring 

• Ensure DCV expiration alerting is enabled in SCM 

• Verify notification recipients are up‑to‑date and monitored 

 Consider Persistent DNS TXT Records 

• Publish a persistent TXT record per domain 

• Reduce manual validation workload 

• Avoid repeated DNS updates during lifecycle shortening phases 

 

Future Timeline for Certificate and DCV Validity 

Date	Max TLS/SSL Validity	Max DCV Reuse	Notes
Mar 15, 2026	200 days	200 days	SCM updated to enforce 200‑day limit
Mar 15, 2027	100 days	100 days	Renewal frequency doubles
Mar 15, 2029	47 days	10 days	Highly compressed cycle; automation strongly recommended

Existing certificates remain valid until their natural expiration dates. 

7. Guidance:
How to create a report in SCM to filter DCV for revalidation process within days? 
How to Identify Domains Requiring DCV Revalidation Using the SCM API?   

 

8. Assistance and Support 

Customers requiring help with: 

• Identifying impacted DCV records 

• Planning remediation 

• Implementing persistent TXT records 

• Preparing for 2026/2027/2029 lifecycle changes 

Should contact: 

• Sectigo Support (submit a ticket) 

• Premier customers should contact their Technical Account Manager (TAM) for personalized guidance, domain impact assessment, and assistance planning for the 200‑day DCV and certificate lifecycle changes. 
• Non‑premier customers can work directly with Sectigo Support to help identify affected domains and prepare for the shortened lifecycle requirements. 
  If you require dedicated advisory support or want access to a TAM, consider upgrading to Premier Support to receive enhanced, proactive lifecycle management assistance.

 

Sectigo will continue providing updates, tooling improvements, and educational resources as enforcement dates approach. 

 

FREQUENTLY ASKED QUESTIONS: 
 

Q1: Can you please clarify how the 200-day term change will affect current certificate profiles and currently valid certificates? 
Answer: When SCM version 26.1 is released in January, all existing public SSL certificate profiles will automatically update to reflect a 199‑day maximum term. 

Q2: How is the current certificate renewal impacted since most certificates are issued for 365+ days. 
Answer: The updated validity period applies only to newly issued certificates after the policy goes into effect. Any certificates that were issued previously with longer lifespans will continue functioning normally and will not require early renewal or replacement. 

Q3: Do profiles have to be updated manually, or will Sectigo apply the changes automatically when the 200-day term becomes effective? 
Answer: All profile terms exceeding 199 days will be automatically removed in March as part of the policy enforcement. 

 

 

Related Articles: DCV Reuse Reduction to 200 Days – Implementation & Guidance for Partner customers and Retail Customers  | Sectigo® Official 

How to create a report in SCM to filter DCV for revalidation process within days? 
How to Identify Domains Requiring DCV Revalidation Using the SCM API?   

 

Tags: