Knowledge Base
Why multi-year SSL certificate shows 397 days validity & how to manage it?
Similar Questions:
How do Multi-Year SSL subscriptions work?
What steps are involved in reissuing a Multi-Year SSL certificate?
Overview:
Why the 397-Day Limit?
The CA/Browser Forum, which sets global standards for SSL/TLS certificates, limits the maximum validity of any single SSL certificate to 397days. This rule applies to all Certificate Authorities (CAs), not just Sectigo.
Understand Multi-Year SSL Structure
-
Multi-Year SSL is a subscription, not a single long-term certificate. Multi-Year SSL plans are delivered as annual reissues under one subscription.
-
You receive:
-
Initial certificate with validity period of 397 days.
-
Submit a reissue request for the next 397 days, based on whichever is shorter: the remaining subscription term or the remaining days.
How to Renew/Reissue
-
Log in to Sectigo Portal:
-
Locate Your Order:
-
Go to Orders →My Products and Services.
-
Click Reissue:
-
Generate a new CSR.
-
Submit a reissue request.
-
Complete Validation:
-
Domain/organization validation as required.
-
Install New Certificate:
-
Replace the old certificate before expiry.
Reissue reminders
-
Sectigo sends reminders on 30, 21, 14, 7, and 3 days before expiry.
Best Practices
-
Schedule reissue 30–60 days before expiry to avoid downtime.
-
Keep CSR and private key secure.
-
Maintain accurate WHOIS and DNS records for smooth validation.
Key Points
-
397-day limit is industry-wide, not a Sectigo restriction.
-
Multi-Year SSL ensures cost savings and continuity but requires annual revalidation.
Related Articles: How to Reissue or Replace SSL Certificates? | Sectigo® Official
Tags:
Need assistance?
Contact our team for help with your purchase or issuing your certificate.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
