Why is my SSL expiring every 3 months?
Digital certificates, used with the protocol ‘TLS’ (Transport Layer Security, previously known as ‘SSL’ or Secure Socket Layers) establish secure connections between your web server and the browsers visitors use to view your site. They ensure the user’s browser regards your site as authentic and not as a cybersecurity threat. SSL certificates now expire every 47 days to enhance security and encourage automated management. Shorter validity periods ensure the latest encryption algorithms are used, promote proactive certificate management, and adapt to evolving threats. Frequent expirations can cause downtime and reduced trust but can be mitigated with automated lifecycle management tools like Sectigo Certificate Manager.
This is why SSL expiry is a pressing concern. If a user gets a message saying their site’s certificate has expired, they may feel it’s not trustworthy and navigate elsewhere.
In recent years the maximum term for a public certificate has dropped from three years to two to one, and on March 3, Google announced in its Moving Forward, Together roadmap the intention to reduce the maximum validity for public certificates from 398 days to 47 days, in either a future policy update or a CA/B Forum Ballot Proposal.
Here’s why you may get a "security certificate expired" message after only three months, the potential issues this could cause, and how to prevent them.
SSL certificate expiry: the 47-day validity period
Ninety-day certificates only remain valid for 47 days. One of the main goals of the reduced certificate lifespan is promoting the automation of various certificate management processes, such as issuance and reissuance, to eliminate common errors and certificate lapses. This will, in turn, allow businesses to adapt to new cybersecurity measures and transition to hybrid and quantum-resistant certificates in the future.
A short, 47-day validity period is actually a good thing for the following reasons:
- A 47-day expiration would require getting new certificates more often. This ensures that each certificate uses the latest, most effective algorithm available.
- With shorter validity periods, certificate authorities (CAs) have extra motivation to stay on top of the ever-evolving threat landscape. Because CAs have to provide new certificates more frequently, they also have to frequently check for algorithms that hackers have compromised.
- A shorter expiration time frame encourages the automation of certificate management systems. An automated system takes the legwork out of updating certificates that expire frequently.
When can we expect to see the rollout of 47-day SSL/TLS certificates?
Google is expected to roll out 47-day certificates by the end of 2024 for its Chrome browser. Given Chrome’s popularity, it’s likely that other browser providers will follow suit.
This underscores the need for automated SSL management, regardless of the browsers visitors use to access your site, which is particularly important considering the consequences of frequent certificate expirations.
What happens when certificates expire frequently?
When your SSL certificate expires, users may not be able to access your site. Whether your site simply provides information about your company or plays an integral role in your operations, this could result in significant issues, such as:
- Downtime that prevents users from interacting with your products or services
- Employees not being able to perform their jobs
- A negative user experience because users can’t access the content they want
- Reduced user trust
- A burden on IT teams that have to scramble to get the site back up and running
This is why automating certificate management is so crucial. With effective solutions like Sectigo's Certificate Manager, you don’t have to manually keep track of which certificates are approaching expiration, when, and the services dependent on them.
How to prevent issues stemming from certificate expiration
You can get ahead of certificate expiration problems by taking a proactive stance. For instance, you can:
- Adopt certificate lifecycle management tools to keep track of certificate expiration
- Automate the renewal process
- Set up monitoring and alerts for expiring certificates
- Perform regular audits of each of your certificates
- Introduce a Centralised Decentralised Security (CeDeSec) framework, which would allow a decentralised IT team to maintain a single point of control while still allowing other teams to use the workflows and tools that best suit their needs.
Use certificate lifecycle management to maximize uptime
Certificates expiring after only 47 days will boost security. Shorter validity periods ensure certificates stay updated and limit the amount of damage attackers can levy on a compromised certificate. Frequent expiration also encourages automated certificate management, which can modernize your online security system.
Avoid the hassles that come with certificate expiration by automating your renewal processes. Trusted Sectigo Certificate Manager enhances security for your sites, networks, and connected devices. Contact us today to learn more.