Do I have until March 15, 2026 to acquire a certificate with a 395 day lifespan?
No. Sectigo has indicated they will cutover to the new 199 day lifespan on Friday March, 12, 2026. All SSL/TLS certificates issued starting on March 12, 2026 will have the 199 day lifespan.
I have a certificate that expires before March 15, 2026. How does this impact me?
All certificates renewed prior to March 12, 2026 will have a 395 day lifespan consistent with the pre-changeover standard.
I have a certificate that expires on March 15. What will happen when I renew?
It will be renewed with a 199 day lifespan
I have an existing certificate that expires after March 15, 2026. How does this affect me?
The upcoming changes apply to certificate issuance, not validation. That means if you get a 395 day certificate before the cutoff(before March 15, 2026), browsers will continue to trust it until it naturally expires, even if that’s after the new limits kick in.
Do you have automated certificate renewal solutions I can use?
OIT Security has an active project underway to deliver certificate automation solutions to campus in the next few months. Please reach out to us at security@colorado.edu to express your interest in utilizing the automated renewal mechanism under development. We will contact you when the solution is ready and prepare you for onboarding.
I’m receiving more certificate expiration notifications than before. Why is this happening?
Certificate expiration notifications are now sent at additional intervals to provide earlier and more frequent reminders. Notifications are issued at 60, 30, 15, 7, 5, 3, and 1 days prior to certificate expiration. If a certificate has been replaced or is no longer in use, you can revoke the old certificate in the Sectigo Web Portal, which will stop further notifications
Why is my 200‑day certificate issued for 199 days?
Although CA/B Forum Ballot SC‑081v3 permits a maximum TLS certificate validity of 200 days, Certificate Authorities intentionally issue certificates with a 199 day validity period. This one day reduction is an established industry practice designed to prevent accidental non compliance caused by clock skew or timestamp precision issues.
