with the future SSL certificate lifespan getting reduced to 47 days, how are you going to deal with these changes? are you going to take over the SSL cert management? or give us a way to automate these renewals?The depreciation schedule is now as follows:March 15, 2026: Newly issued certificates, including their Domain Control Validation, aka DCV, will have to be renewed every 200 days. March 15, 2027: That lifespan will go down to 100 days. March 15, 2029: New SSL/TLS certificates will be limited to 47 days, and 10 days for DCVs.

Question

upcoming SSL certificate changes - Automation

Forum|Forum|11 months ago
April 25, 2025
4 replies
81 views

andy.snailham
Novice I

with the future SSL certificate lifespan getting reduced to 47 days, how are you going to deal with these changes? are you going to take over the SSL cert management? or give us a way to automate these renewals?

The depreciation schedule is now as follows:

March 15, 2026: Newly issued certificates, including their Domain Control Validation, aka DCV, will have to be renewed every 200 days.
March 15, 2027: That lifespan will go down to 100 days.
March 15, 2029: New SSL/TLS certificates will be limited to 47 days, and 10 days for DCVs.

D

dbhaskar
Novice III
Forum|Forum|13 days ago
March 23, 2026

Hi @andy.snailham have you managed to find more information on this? I am very curious about this as well as we are trying to come up with a scalable solution to manage this.

Like

A

andy.snailham
Author
Novice I
Forum|Forum|13 days ago
March 23, 2026

Hi @andy.snailham have you managed to find more information on this? I am very curious about this as well as we are trying to come up with a scalable solution to manage this.

yeah looks like they have given us the option now in the console, under domains. if you switch it to this option they take care of the ssl cert.

Like

D

dbhaskar
Novice III
Forum|Forum|13 days ago
March 23, 2026

Thank you so much for letting me know!

Like

guido.pili
Docebian
Forum|Forum|3 days ago
April 2, 2026

As already shared by @dbhaskar, if your policies allow DV, moving to the platform-managed TLS option is the best way to insulate yourself from the operational impact of these upcoming validity changes.

If you require OV/EV certificates from providers such as DigiCert, Sectigo or GlobalSign, those still need to be uploaded and renewed manually in the platform. Introducing fully automated lifecycle management for OV/EV is significantly more complex because these certificate issuance and organizational validation are controlled by you and your Certificate Authority of choice. While deployment and expiry monitoring can be automated, renewal requires external actions that are outside the platform’s control.

We are aware of the burden this will create and are actively discussing how we can better support that use case going forward.

Like

Still haven't found what you're looking for?

Sign up for Docebo Community

Log in to Docebo Community

Scanning file for viruses.

This file cannot be downloaded