End of 2-Year SSL/TLS certificate.

The industry is phasing out 2-year public SSL/TLS certificates.

The industry will stop providing 2-year public SSL/TLS certificates on September 1, 2020. SSL/TLS certificates now have a maximum validity of 397 days (approximately 13 months).

An implementation of a 397-day maximum validity for all SSL/TLS certificates. This method accommodates zone differences and prevents Certificate Authorities from issuing a public SSL/TLS certificate that is valid for more than 397 days.

This industry change does not affect these types of certificates:

• Private SSL/TLS
• S/MIME
• Client
• Code Signing
• EV Code Signing
• Document Signing

What do I need to do?

It is best that you obtain a new public SSL/TLS certificate to maximize your certificate coverage with the new 397-day maximum certificate validity.

Multi-year plans let you pay one low payment for up to six years of SSL/TLS certificate protection. You choose the SSL/TLS certificate, certificate validity, and coverage term (up to six years) with these plans.

What happens if my 2-year public SSL/TLS certificate doesn’t arrive by the deadline?

Orders for public SSL/TLS certificates with a validity duration of more than 397 days will be transferred to a Multi-year Plan automatically.

This implies:

• The order’s first certificate will be issued with a 397-day maximum validity.
• The validity of the Multi-year Plan will be maintained from the time of purchase.
• Your Multi-year Plan.
• You must reissue the certificate within the order’s final 397 days to use the remaining coverage.
• Each order includes unlimited free certificate reissues.

What impact will this have on my 2-year public SSL/TLS certificates?

This modification has no effect on valid 2-year certificates issued before the deadline of August 27, 2020.

What does this mean for my reissued 2-year certificates and duplicate issues?

When public 2-year SSL/TLS certificates are reissued or replicated, the maximum certificate lifetime length is reduced to 397 days.

The following actions require reissuing a certificate:

• A domain is added to a certificate.
• A domain is removed from a certificate.
• Changing the domain name on a certificate.
• Organizational data is changing (name, address, phone number, etc.).
• Making a certificate duplicate.
• Replacing your public key/private key pair.
• The new certificate will have a maximum validity of 397 days if you reissue or duplicate a 2-year public SSL/TLS certificate. As a result, some of the reissued certificates will expire before the order.

The new certificate will have a maximum validity of 397 days if you reissue or duplicate a 2-year public SSL/TLS certificate. As a result, some of the reissued certificates will expire before the order.

Reissue your certificates within the order’s final 397-day period to take advantage of the remaining validity. You can ask for reissues with a validity of up to 397 days or until the order expires, whichever comes first.

Example: Reissuing a 2-year public SSL/TLS certificate.

1. We issued your 2-year multi-domain certificate on August 1, 2020 (before the August 27 deadline) this is the original certificate.

This document contains the following information:

• It is valid for a maximum of 825 days.
• It expires on November 1, 2022, the same day as the order.

2. You must reprint the certificate on November 1, 2020 (due to the new 397-day maximum validity adjustment).

This reissued certificate contains the following information:

• It has a 397-day maximum validity period.
• On December 1, 2021, it will expire.
• 335 days before the order’s expiration date (the order expires on November 1, 2022).

3. You reissue the certificate on January 1, 2021.

The reissued certificate contains the following information:

• It has a 397-day maximum validity period.
• On February 1, 2022, it will expire.
• 273 days until the order’s expiration (the order expires on November 1, 2022).

4. You renew the certificate for the final time on April 1, 2022.

This reissued certificate contains the following information:

• It is valid for 214 days.
• It expires on November 1, 2022, the same day as the order.

What impact does this have on the renewal of my public SSL/TLS certificates?

You can still renew a certificate order up to 90 days before its expiration date. When you renew your certificate, the CA will transfer as much remaining validity as possible to the new 397-day maximum certificate validity.

Any remaining validity will be transferred to your order, and the order will be changed to a Multi-year Plan. This means that the validity time of your renewal order may be longer than the validity period of the renewal certificate.

Reissue the certificates during the order’s last 397-day period to take advantage of the extended validity provided with the renewal order. You can ask for reissues with a validity of up to 397 days or until the order expires, whichever comes first.