47-Day SSL Certificates Are Coming
200 days in 2026. 100 days in 2027. 47 days by 2029.
Updated: February 2026
The SSL industry is transitioning to short-lived certificates.
Under CA/Browser Forum Ballot SC-081v3, the maximum validity of publicly trusted SSL/TLS certificates will be reduced in phases:
- March 15, 2026: 200-day maximum
- March 15, 2027: 100-day maximum
- March 15, 2029: 47-day maximum
Why 47-day SSL certificates?
The shift toward shorter certificate lifespans is designed to improve ecosystem security and reduce risk exposure.
Reduced compromise window
If a private key is exposed, the certificate is valid for a shorter time period, limiting impact.
Faster validation cycles
Shorter lifespans require more frequent validation of domain ownership and organizational control.
Automation-first infrastructure
The industry is standardizing around automated ACME-based renewal workflows rather than manual CSR processes.
In practical terms, this change aligns commercial SSL with the model Let’s Encrypt introduced years ago.
What this means for developers
If you are deploying modern applications, you already understand this reality.
Infrastructure must be:
- Automated
- Repeatable
- Deployment-friendly
- Integrated into CI/CD workflows
Manual CSR generation and once-per-year certificate installs do not scale in a 100-day or 47-day certificate world.
Renewal needs to be part of your infrastructure automation, not a calendar reminder.
How Arcustech is adapting
Standardizing on Let’s Encrypt
Let’s Encrypt operates on an automation-first model and uses the same modern cryptographic standards and browser trust as commercial certificates.
It integrates cleanly into automated server environments and deployment workflows.
Let’s Encrypt is now our standard and fully supported SSL solution.
No longer directly selling commercial SSL certificates
As lifespans shorten, manual commercial SSL sales and CSR-based renewals become operationally impractical in managed environments.
We will no longer directly sell commercial SSL certificates.
Clients who require commercial certificates for compliance reasons may still use them, but automation will be required.
Full implementation details are available here:
CDN-first architecture simplifies SSL
We strongly recommend placing a CDN or abuse protection layer in front of every site.
Services such as Cloudflare, Bunny, and Fastly provide:
- DDoS mitigation
- Bot filtering
- Global performance optimization
- Simplified certificate lifecycle management
When SSL is terminated at the CDN layer, origin server complexity is reduced and renewals become more resilient.
Encryption strength is not changing
A 47-day SSL certificate provides the same encryption strength as a traditional 1-year commercial certificate.
Modern certificates, whether issued by Let’s Encrypt or a commercial CA, rely on the same cryptographic standards and browser trust chains.
For most modern deployments, the distinction between commercial and Let’s Encrypt certificates is policy-driven, not technical.
The future is automated SSL
Short-lived certificates are not a temporary experiment. They are the new baseline.
SSL management must now be:
- Automated
- Integrated into infrastructure workflows
- Operationally predictable
Arcustech is aligning our hosting platform with that reality to ensure stable renewals, reduced outage risk, and modern deployment compatibility.