Knowledge Base
Why multi-year SSL certificate shows 397 days validity & how to manage it?
Similar Questions:
How do Multi-Year SSL subscriptions work?
What steps are involved in reissuing a Multi-Year SSL certificate?
Overview:
Why the 397-Day Limit?
The CA/Browser Forum, which sets global standards for SSL/TLS certificates, limits the maximum validity of any single SSL certificate to 397days. This rule applies to all Certificate Authorities (CAs), not just Sectigo.
Understand Multi-Year SSL Structure
-
Multi-Year SSL is a subscription, not a single long-term certificate. Multi-Year SSL plans are delivered as annual reissues under one subscription.
-
You receive:
-
Initial certificate with validity period of 397 days.
-
Submit a reissue request for the next 397 days, based on whichever is shorter: the remaining subscription term or the remaining days.
How to Renew/Reissue
-
Log in to Sectigo Portal:
-
Locate Your Order:
-
Go to Orders →My Products and Services.
-
Click Reissue:
-
Generate a new CSR.
-
Submit a reissue request.
-
Complete Validation:
-
Domain/organization validation as required.
-
Install New Certificate:
-
Replace the old certificate before expiry.
Reissue reminders
-
Sectigo sends reminders on 30, 21, 14, 7, and 3 days before expiry.
Best Practices
-
Schedule reissue 30–60 days before expiry to avoid downtime.
-
Keep CSR and private key secure.
-
Maintain accurate WHOIS and DNS records for smooth validation.
Key Points
-
397-day limit is industry-wide, not a Sectigo restriction.
-
Multi-Year SSL ensures cost savings and continuity but requires annual revalidation.
Related Articles: How to Reissue or Replace SSL Certificates? | Sectigo® Official
Tags:
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
