What is the new maximum lifetime for SSL/TLS certificates?

47 days, enforced by March 2029 via CA/Browser Forum Ballot SC-081v3.

Why can't we rely on certificate revocation anymore?

CRLs balloon too big, OCSP's unreliable and privacy-invasive—clients ignore it, so expiration's the reliable kill switch.

How do I prepare my site for 47-day certificates?

Automate with certbot, cert-manager, or cloud ACM—renew at 60-70% lifetime, test chains regularly.

⚙️ DevOps & Platform Eng

47-Day SSL/TLS Certificates: Security's Shrinking Lifeline and What It Means for Your Stack

Buckle up: SSL/TLS certificates are hurtling toward a 47-day maximum lifetime. What everyone thought was Let's Encrypt's quirky 90-day habit? It's the new normal, turbocharged.

theAIcatchup Apr 11, 2026 4 min read

Timeline chart of shrinking SSL/TLS certificate maximum validity periods from 10 years to 47 days

⚡ Key Takeaways

SSL/TLS cert lifetimes drop to 47 days by 2029 due to broken revocation systems. 𝕏
Automate renewals now—tools like cert-manager make it painless. 𝕏
This forces zero-touch ops, accelerating AI-driven infrastructure. 𝕏

Published by

theAIcatchup

Ship faster. Build smarter.

#CA/Browser Forum #Let's Encrypt #SSL/TLS certificates #Web PKI #certificate lifetimes #certificate revocation

Worth sharing?

Get the best Developer Tools stories of the week in your inbox — no noise, no spam.

Originally reported by dev.to

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

SSL Certs Down to 47 Days by 2029: The Forced March to Automation

Dead Code Erased $440 Million from Knight Capital in Just 45 Minutes

systemd-oomd: Linux's New Guardian Against Memory Meltdowns

PySpark Joins: Unlock Speed Secrets Hidden in Spark's Optimizer

Stay in the loop