Sometime in the past few months, the rules around SSL/TLS certificates changed. If your team is still managing certificates by hand, now is a good time to look at how that process holds up from here.
What changed and when
The CA/Browser Forum, the industry body that sets the rules for public certificates, voted in April 2025 to shorten maximum certificate validity in three steps. All four major browser vendors — Apple, Google, Mozilla, and Microsoft — voted in favour.
The schedule looks like this:
March 2026: maximum validity drops to 200 days (already in effect)
2027: maximum validity drops to 100 days
2029: maximum validity drops to 47 days
The first step hit in March 2026, with some certificate authorities moving even earlier. Any new certificate issued today is valid for roughly six months, not thirteen.
Why manual renewal no longer works
Until recently, a 398-day certificate meant one renewal per year. One calendar reminder, one manual process, one installation. For a small number of domains, that was manageable.
At 200 days, you are renewing roughly twice a year. At 47 days, you are renewing eight times a year per certificate. If your organisation runs 20 domains, that is 160 renewal operations annually. Each one carries the same risk: a missed renewal means a certificate expires, a browser throws an error, and users cannot reach your service.
The real problem isn't that the task is complex or difficult. It's that work like this wastes good people.
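To see where an existing estate stands against this schedule, the following added example (not Cloud2's code or any vendor's tooling) audits a certificate inventory against the 200/100/47-day caps. The hosts, dates and sample "today" are constructed, and renewing once two thirds of the lifetime has elapsed is an assumption, not a rule from the page.

```python
from datetime import date, timedelta

# Maximum validity (days) for each step of the schedule described above.
SCHEDULE_CAPS = {"March 2026": 200, "2027": 100, "2029": 47}

# Constructed inventory (hypothetical hosts and dates): host, notBefore, notAfter.
INVENTORY = [
    ("www.example.test", date(2025, 9, 1), date(2026, 10, 4)),   # 398-day cert
    ("api.example.test", date(2026, 4, 1), date(2026, 10, 18)),  # 200-day cert
    ("cdn.example.test", date(2026, 5, 20), date(2026, 7, 6)),   # 47-day cert
]
SAMPLE_TODAY = date(2026, 6, 25)  # constructed "current date" for the demo


def audit(host, not_before, not_after, today):
    """Classify one certificate against the schedule and its renewal point."""
    lifetime = (not_after - not_before).days
    # Steps whose cap this lifetime exceeds: once that step applies, a
    # reissued certificate will be shorter than the one in service now.
    exceeds = [step for step, cap in SCHEDULE_CAPS.items() if lifetime > cap]
    # Assumption: renewal is due once 2/3 of the lifetime has elapsed.
    renew_on = not_before + timedelta(days=lifetime * 2 // 3)
    days_left = (not_after - today).days
    if days_left < 0:
        status = "EXPIRED"
    elif today >= renew_on:
        status = "RENEW_NOW"
    else:
        status = "OK"
    return {
        "host": host,
        "lifetime_days": lifetime,
        "renewals_per_year": -(-365 // lifetime),  # ceiling division
        "exceeds_caps": exceeds,
        "renew_on": renew_on,
        "days_left": days_left,
        "status": status,
    }


def run_audit(today=SAMPLE_TODAY, inventory=INVENTORY):
    return [audit(host, nb, na, today) for host, nb, na in inventory]


if __name__ == "__main__":
    for row in run_audit():
        print(row)
```

In practice the inventory would come from a scanner or certificate store export rather than a hard-coded list.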
Automation handles this without the overhead
The good news is that the tooling exists and works well. AWS Certificate Manager issues and renews public certificates automatically, at no additional cost, and integrates directly with services like CloudFront, ALB, and API Gateway. Azure and GCP offer equivalent solutions through Azure Key Vault certificate management and Google-managed SSL certificates.
The pattern is the same across all three: you define the certificate, point it at your domain, and the platform handles renewal before the expiry date.
How Cloud2 can help
For Cloud2 Managed Cloud Platform customers, we can take this off your plate entirely. We set up automated certificate management as part of your platform configuration, monitor validity across your domains, and make sure renewals happen without you having to think about it.
If you are not yet a Managed Cloud Platform customer but certificate management is currently a manual process at your organisation, we are happy to talk through what automated setup would look like in your environment.
Reach out to your Cloud2 contact, or get in touch at cloud2.net.