Learn how to prepare with Automation to avoid outages, ensure security, and maintain trust
By March 2026, TLS Certificate lifespans will shrink from 398 days to just 200 days. By 2029, they will be reduced to just 47 days. This change, driven by the CA/Browser Forum(2) and backed by major browser vendors, will make manual certificate management nearly impossible. If your organization uses HTTPS, now is the time to plan for automation or risk outages and security lapses. TLS certificates are what enable websites to use HTTPS, the secure version of HTTP that encrypts data in transit between a user’s browser and a website. This encryption is critical. It prevents sensitive information like passwords, credit card numbers, and personal data from being intercepted and read by anyone monitoring the network, such as attackers using packet sniffing tools on public Wi-Fi or compromised networks. Without HTTPS that data is transmitted in plain text and is vulnerable to exposure. These certificates are crucial in enabling trust between clients and servers. HTTPS is used as a default protocol by 87.6% of all websites, according to Web Technology Surveys(1).
The new schedule for TLS certificate lifetimes is as follows(3):
- Until March 15, 2026: 398 days
- From March 15, 2026: 200 days
- From March 15, 2027: 100 days
- From March 15, 2029: 47 days
This shift will impact any organization that relies on TLS certificates, whether for websites, infrastructure management portals, VPN gateways, or internal applications. And chances are, that includes you. Managing certificates manually is already a complex task with a 398-day lifespan; when that window shrinks to just 47 days, the margin for error disappears. Without automation, the risk of service outages due to expired certificates will rise sharply, potentially disrupting operations and eroding user trust. Now is the time to prepare, before short lifespans become the new standard.
Here’s a practical roadmap to prepare for the 47 day certificate lifespan:
Awareness & Stakeholder Buy-In
- Educate internal teams and leadership about the upcoming changes.
- Get buy-in for cross-team project to work towards automated certificate management.
Inventory & Discovery
- Use automated scanning tools to scan and inventory certificates across your environment, both internally and externally.
- Capture details such as:
- Software, Application, etc where the certificate is used
- IP address
- Common Name (CN)
- Certificate Provider that issue the certifcate
- Expiration dates
- Criticality of the asset/business impact of expired certificates
The step is crtiical for identifying high risk assets and planning automation priorities.
Automation Strategy
Evaluate automation options:
- Research available automating in-house using protocols like Automated Certificate Management Environment (ACME) vs using Third-Party tools for purchase like Certificate Lifecycle Managers (CLM).
- Be sure that the chosen tool will be able to support your certificate automation needs.
- Determine which certificates can be easily automated and prioritize those with high return on investment (ROI).
Rollout & Testing
- Start with high-impact certificates (e.g., VPN portals, public-facing web apps).
- Pilot automation workflows and validate renewal success.
- Aim to get as automated as possible by March, 2026, when lifespans reduce to 200 days.
Maintenance & Reporting
- Establish monitoring and alerting for certificate status.
- Regularly review automation coverage and iterate on processes.
The move to 47-day certificate lifespans is more than a technical adjustment, it’s a strategic imperative. Organizations that embrace automation will not only avoid outages but also gain agility and resilience in their security posture.
If you’re just starting this journey, begin with a scan, build your inventory, and get your stakeholders on board. The clock is ticking, and March 2029 will be here before you know it.
References:
- Web Technology Surveys – Usage Statistics of Default protocol https for Websites, August 2025
- CA/Browser Forum Information – What Is the CA/Browser Forum and What’s Its Role?
- CA/Browser Forum Latest Requirements – Latest Baseline Requirements | CA/Browser Forum
