Shortening Certificate Validity: Automation is a Must

Jan 23, 2026 | Jindřich Zechmeister

The TLS certificate landscape is changing rapidly. Shorter lifetimes and increased pressure for automated validation are reshaping current practices. With early changes from DigiCert and Google pushing automatic domain validation, automation is no longer optional but a necessity.

February will bring significant changes to the world of digital certificates, and they should not be underestimated. CA DigiCert is responding in advance to the requirement to shorten the validity of TLS and Code Signing certificates, in order to avoid potential issues; the change will therefore take effect as early as February 24. It affects not only certificate lifetimes but also significantly shortens the period during which completed verifications can be reused.

Diagram of TLS certificate shortening

Until now, it has been common for domain or organization verification to have a longer lifespan than the certificate itself. This is now changing. The validity of domain control validation (DCV) and organization validation (OV) will be shortened, which means more frequent verification is required. For operators of a larger number of certificates, this not only represents a higher administrative burden but also a higher risk of outages if they do not prepare for the changes in time.

Moreover, Google is significantly influencing this development, as it has long pushed in the CA/Browser Forum for DCV domain verifications to be performed exclusively by automated means. Manual processes, typically emails or manual interventions, are to gradually disappear. The aim is higher security, consistency, and less room for human error, but it also means the end of the convenient "manual" world.

In practice, this leads to one inevitable conclusion: automation of the certificate lifecycle is no longer optional but necessary. If certificates and verifications are to be renewed more frequently, it simply won't work without automatic processes. Every manual step increases the risk of forgetting something, leaving the service without a valid certificate.

The solution is to deploy automation tools, whether in the form of the ACME protocol or a central tool like the Trust Lifecycle Manager. These technologies enable not only automatic issuance and renewal of certificates but also regular and unattended domain validation. In the context of the February changes, they become a fundamental building block of modern certificate management.

The changes that are coming are not just a technical detail. They signal that the TLS ecosystem is shifting towards full automation. Organizations that respond to this trend in time will save themselves stress and operational risks. Others may soon find that without ACME or a similar solution, it simply will not work.

SSLmarket can fully automate the certificate lifecycle. Ask us how to do it and start today.