Thank you to our friends at GlobalSign for providing us with this important blog post.
Starting on September 1st, 2020, SSL/TLS certificates cannot be issued for longer than 13 months (397 days).
Why is this happening now?
Long story short, some of the industry’s biggest names – namely, Apple – have announced that their browsers (such as Safari) will no longer recognize SSL certificates that are valid for longer than 1 year.
The biggest reason for this change has to do with identity – how long should the information used to validate an identity stay trusted? The longer the time between validations, the greater the risk. Google has said that in an ideal world domain validation would occur about every six hours.
What shorter SSL/TLS validity means for website owners
If you’re using a two-year certificate that was issued before September 1, your certificate will stay valid until its original expiration date. You just won’t be able to renew for two years moving forward.
Or to put it another way, you have until the first of September to get two-year certs. After that they will be relegated to the desktop recycling bin of history.
What about reissuing my certificates?
You may wonder what happens when you reissue one of your two-year certificates after this change goes into effect. Well, we have good news for you! If you reissue a certificate and lose validity, you can reissue the certificate later – ideally less than 397 days prior to your original cert’s expiration – and recover the lost validity from your first reissue! This works the same way it did in 2018 when we went from three-year max validity down to two years.
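To see when that later reissue has to happen, here is an added planning sketch (not GlobalSign's code or tooling) that applies the 397-day cap to each reissue and lists the dates needed to get back to the original expiry. The function names, the 30-day `margin_days` default and the sample dates are assumptions made for this example.

```python
from datetime import date, timedelta

CUTOFF = date(2020, 9, 1)   # from the post: the cap applies to certificates issued from this date
MAX_DAYS = 397              # from the post: maximum validity after the cutoff


def reissue_expiry(reissued_on, original_expiry):
    """Expiry a reissued certificate gets: the original date unless the cap cuts it short."""
    if reissued_on < CUTOFF:
        return original_expiry
    return min(original_expiry, reissued_on + timedelta(days=MAX_DAYS))


def reissue_plan(first_reissue, original_expiry, margin_days=30):
    """Return [(issued, expires), ...] reissues needed to get back to original_expiry.

    margin_days (an assumption of this example) is how long before a capped
    certificate expires an intermediate reissue is scheduled.
    """
    if not 0 <= margin_days < MAX_DAYS:
        raise ValueError("margin_days must be between 0 and MAX_DAYS - 1")
    if first_reissue > original_expiry:
        raise ValueError("cannot reissue after the original expiry")
    # Earliest date on which a 397-day certificate reaches the original expiry.
    recover_on = original_expiry - timedelta(days=MAX_DAYS)
    plan, issued = [], first_reissue
    while True:
        expires = reissue_expiry(issued, original_expiry)
        plan.append((issued, expires))
        if expires == original_expiry:
            return plan
        # Validity was lost. Reissue on the recovery date if the current
        # certificate is still comfortably valid then, otherwise bridge the gap.
        issued = min(recover_on, expires - timedelta(days=margin_days))


if __name__ == "__main__":
    # Constructed sample: cert expiring 2022-06-01, reissued 2020-10-01.
    for issued, expires in reissue_plan(date(2020, 10, 1), date(2022, 6, 1)):
        print(f"reissue {issued} -> valid until {expires}")
```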