Shorter validity periods for TLS (SSL) certificates. What are the changes and how should you prepare?

The CA/Browser Forum, which establishes global internet security standards, has announced a plan to reduce the validity period of SSL/TLS certificates. Starting 15 March 2026, new certificates will be valid for a maximum of 200 days, down from the current one-year term.

This is the first stage of the changes. The schedule stipulates that by 2029, the certificate validity period will be reduced to 47 days. This decision follows the SC-081v3 vote, which was launched by Apple and approved in April 2025. It sends a clear message that online security is transitioning into an ongoing process, as opposed to a one-time event.

Who is affected by the changes to TLS (SSL) certificate validity periods?

If you operate a website with daily customer traffic, these changes are applicable to you as well. Organisations, which rely on constant availability and user trust, will be most affected by the shorter validity of TLS (SSL) certificates.

This change also bears relevance in cases where:

• you operate multiple domains or brands, each with its own website,
• you use online systems for recruitment, document signing, or customer service,
• your company uses cloud solutions, web applications or API integrations,
• you renew TLS (SSL) certificates manually based on email reminders or calendar alerts,
• the IT infrastructure was set up a long time ago and is not adapted to automated workflows.

The scale and type of the business are also significant if the website is the primary point of contact with the customer. Online stores, booking systems, subscription platforms and corporate websites must operate without interruption.

With more frequent renewals, manually logging into control panels and uploading files becomes risky. Just one human error can lead to the website being blocked. This is why automation is transitioning from a convenience to a strategic necessity.

What is a TLS (SSL) certificate and why do you need it?

Imagine dispatching a critical document containing a confidential agreement to a customer, yet placing it inside a transparent envelope. Anyone who holds it in their hands – from the postman to random bystanders – can read the contents. On the internet, the opposite of this behaviour is the use of a TLS certificate (formerly SSL), which encrypts the connection between the user's browser and the server.

In practical terms, this ensures that information transmitted through web forms, authentication portals, and shopping carts is protected against unauthorised interception and modification. For an entrepreneur, this is the foundation of a website's operation – a guarantee of secure communication, brand credibility and the smooth functioning of online services.

How to check if a website has an SSL/TLS certificate? – A version for laypeople

Just look at the address bar in your browser. A closed padlock icon and an address beginning with https:// indicate that the connection is secure and protected by a TLS (SSL) certificate. For customers, it guarantees that the data sent through this website is encrypted and inaccessible to unauthorised third parties.

What is the difference between SSL and TLS protocols?

The CA/Browser Forum, which establishes global internet security standards, has announced a plan to reduce the validity period of SSL/TLS certificates. Starting 15 March 2026, new certificates will be valid for a maximum of 200 days, down from the current one-year term. This is the first stage of the changes.

The schedule stipulates that by 2029, the certificate validity period will be reduced to 47 days. This decision follows the SC-081v3 vote, which was launched by Apple and approved in April 2025. It sends a clear message that online security is transitioning into an ongoing process, as opposed to a one-time event.

Who is affected by the changes to TLS (SSL) certificate validity periods?

If you operate a website with daily customer traffic, these changes are applicable to you as well. Organisations, which rely on constant availability and user trust, will be most affected by the shorter validity of TLS (SSL) certificates.

This change also bears relevance in cases where:

• you operate multiple domains or brands, each with its own website,
• you use online systems for recruitment, document signing, or customer service,
• your company uses cloud solutions, web applications or API integrations,
• you renew TLS (SSL) certificates manually based on email reminders or calendar alerts,
• the IT infrastructure was set up a long time ago and is not adapted to automated workflows.

The scale and type of the business are also significant if the website is the primary point of contact with the customer. Online stores, booking systems, subscription platforms and corporate websites must operate without interruption. With more frequent renewals, manually logging into control panels and uploading files becomes risky. Just one human error can lead to the website being blocked. This is why automation is transitioning from a convenience to a strategic necessity.

What is a TLS (SSL) certificate and why do you need it?

Imagine dispatching a critical document containing a confidential agreement to a customer, yet placing it inside a transparent envelope. Anyone who holds it in their hands – from the postman to random bystanders – can read the contents. On the internet, the opposite of this behaviour is the use of a TLS certificate (formerly SSL), which encrypts the connection between the user's browser and the server.

In practical terms, this ensures that information transmitted through web forms, authentication portals, and shopping carts is protected against unauthorised interception and modification. For an entrepreneur, this is the foundation of a website's operation – a guarantee of secure communication, brand credibility and the smooth functioning of online services.

How to check if a website has an SSL/TLS certificate? – A version for laypeople

Just look at the address bar in your browser. A closed padlock icon and an address beginning with https:// indicate that the connection is secure and protected by a TLS (SSL) certificate. For customers, it guarantees that the data sent through this website is encrypted and inaccessible to unauthorised third parties.

What is the difference between SSL and TLS protocols?

The SSL (Secure Sockets Layer) protocol was developed in the 1990s and is no longer in use, but its name persists as a shorthand term. The current standard is TLS (Transport Layer Security).

The TLS certificate you can purchase from KIR establishes a secure connection between the user's browser and the server, utilising advanced mathematical algorithms. Before transmitting data between the server and the customer's device, it selects the most secure encryption method. Technology is constantly evolving; as a result, the time required to secure a connection using the TLS protocol is becoming shorter.

OV TLS certificates verify both the domain and the company's details. Variants for multiple domains or wildcard certificates are available, which also cover subdomains such as shop, customer panel, and email. The benefits are clear: increased user trust, better website visibility, seamless transaction processing, and compliance with the requirements of modern browsers.

Why is automatic SSL/TLS renewal the standard today?

Following the CA/Browser Forum's decision to shorten certificate validity periods, manual renewal is becoming risky and burdensome. The ACME (Automated Certificate Management Environment) protocol automates this process, as it works similarly to a streaming platform subscription. The system autonomously monitors the expiration of the TLS (SSL) certificate, facilitating timely renewal and installation without requiring manual intervention.

For an entrepreneur, this translates into fewer responsibilities, the elimination of manual reminders, and increased assurance of uninterrupted website operation. ACME is particularly effective in environments where certificates have shorter validity periods or where multiple domains and subdomains are in use.

By implementing the ACME protocol, you streamline processes, save your team's time, and support the stable operation of online services. Automating the renewal process is becoming a standard that represents an investment in credibility. For companies with more than one domain, the investment will pay off quickly.

Why do TLS (SSL) certificates have shorter validity periods?

The decision by the CA/Browser Forum, an organisation dedicated to upholding internet security standards, is a deliberate move. In April 2025, thanks to an initiative by Apple, a plan was approved that changes the way websites are protected forever. The primary goal of shortening certificate validity period from 2 years to just 200 days (and ultimately to 47 days by 2029) is the desire to create an internet where security is not a one-time action, but a continuous process.

Increased frequency of TLS (SSL) certificate renewals will require:

• regular verification of company credibility and active domains, which promotes transparency in the e-commerce ecosystem,
• regular encryption key rotation, which strengthens security and is critical given the upcoming challenges posed by quantum computers,
• updating security standards, as servers must use the latest cryptographic algorithms.

Implementing these changes will help protect online transactions and secure digital document circulation. While this may sound like an additional challenge for many business owners, it will actually optimise security processes.

How to prepare your company for shorter TLS (SSL) certificate validity periods?

Whether your company operates in Warsaw, Szczecin, or serves customers across all of Poland, the first stage of reducing TLS (SSL) certificate validity period to 200 days will take effect on 15 March 2026. Although the final phase – a 47‑day validity cycle planned for 2029 – is still some time away, proactively optimising renewal processes is strongly recommended already today.

How to ensure your company smoothly adapts to the new standards:

• Map your assets by determining how many certificates and subdomains you have and where they are being used. Such a list enables you to monitor renewal deadlines and determine whether you are maintaining certificates for websites that are no longer in use.
• Determine who is responsible for TLS (SSL) renewals. Dispersed responsibility for certificates increases the risk of errors and missed deadlines.
• Ask your IT administrator if your server supports the ACME protocol
• Check the time-intensiveness of renewals. For companies managing multiple SSL certificates, manually uploading security updates can eventually paralyse the IT team's efficiency. In such cases, you should plan the implementation of automation, specifically the ACME protocol.
• Take care of your network infrastructure and check if your servers support the latest encryption standards.

Finally, it is worth viewing certificates not as a one-time purchase, but as a process similar to periodic settlements or data backups. Shorter validity means higher frequency, but also greater predictability, provided that the process is automated and well-designed.

Avoid leaving automation to the last minute

The changes will take effect regardless of your organisation’s level of readiness. It is up to you whether you treat them as a nuisance or as an opportunity to streamline your processes. Implementing automatic SSL/TLS certificate renewal with the ACME protocol allows you to fulfil the obligation while taking it off your mind for years.

It is worth remembering that certificates purchased or renewed before 15 March 2026 retain their one-year validity period. If you want to avoid website downtime, "not secure" website warnings, and the stress of tracking deadlines, automate the process right now.

At KIR, a trusted service provider, you can not only purchase or renew a TLS (SSL) certificate but also integrate your infrastructure with additional tools for securing corporate documents, such as qualified e-signatures and e-seals. Check how you can benefit from the support provided by properly selected technology.