Privacy Ninja

You Have Two Days Left To Purchase 2-year TLS/SSL Certificates


If you are looking to purchase a 2-year TLS or SSL certificate, you have only two days left before all new certificates will have a maximum 397-day validity period.

Web browser and operating system developers, such as Apple, Microsoft, Firefox, and Google, will no longer consider 2-year TLS/SSL certificates issued on or after September 1st to be valid.

Instead, all new TLS/SSL certificates issued after September 1st, 2020, will only be allowed to have a maximum validity period of 13 months (397 days).

This new restriction means that if you want to purchase a 2-year expiration certificate, you need to do it within the next two days.


Apple restricted the certificate age, everyone else followed

Security professionals and browser developers have been pushing to reduce the validity of TLS/SSL certificates from two years to one year for some time.

The reasoning behind the shorter validity period is primarily security, including preventing unauthorized users from using certificates for too long:

  • Allows greater agility when phasing out certificates when vulnerabilities are discovered in encryption algorithms
  • Limits a website’s exposure to compromise as private encryption keys would be changed regularly. If a private TLS certificate is stolen, a one-year validity period will limit the amount of time that a threat actor could use it.
  • Prevents hosting providers or third parties from using a certificate for a long time after a domain is no longer used or has switched providers.

Certificate authorities, though, wanted nothing to do with the change and kept pushing back on the suggestion.

Apple finally got fed up and unilaterally decided that they would no longer consider TLS/SSL certificates with validity periods greater than 397 days and issued on or after September 1st, 2020, as valid.

After Apple made this decision, Mozilla and Google came on board and announced that they would be following Apple’s lead on this change.

This decision ultimately forced certificate authorities to begrudgingly agree to the change in maximum validity periods.



What does this mean for you?

If you have existing TLS/SSL certificates with a validity period of greater than one year, you do not have to worry about them, and they will continue to remain valid.

If you purchase an SSL or TLS certificate after September 1st, it will only be valid for 13 months or 397 days.

Some SSL certificate providers, such as Sectigo and DigiCert, have already stopped issuing certificates with a 2-year validity.

Others are stopping at the end of August 31st, 2020.

Due to this, if you wish to purchase a TLS or SSL certificate that has a validity period of 2 years, you need to do it by September 1st, 2020, which is two days away.

After September 1st, you will still be able to purchase a certificate for multiple years, but this is essentially prepaying to receive a discount. You will still need to issue a new certificate every year.

Administrators forgetting to renew a certificate has led to numerous outages as of late, including one that led to an underreporting of COVID-19 cases in California and a Spotify outage.

For those looking for an automated approach to renewing certificates and applying them to their web services, Let’s Encrypt offers free certificates and EFF’s Certbot automates their installation and renewal.
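To see how the rule and the renewal risk described above apply to a certificate inventory, the following added example (not from the original article) audits `notBefore`/`notAfter` timestamps in the format OpenSSL prints. It assumes `notBefore` stands in for the issuance date, uses a hypothetical 30-day renewal warning window, and runs on constructed sample hosts and dates.

```python
import ssl
from datetime import datetime, timedelta, timezone

CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)  # rule applies on/after this date
MAX_VALIDITY = timedelta(days=397)                  # limit as stated in the article
RENEW_WINDOW = timedelta(days=30)                   # assumed warning threshold

def parse(ts):
    """Parse an OpenSSL-style time such as 'Sep  1 00:00:00 2020 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(ts), tz=timezone.utc)

def audit(not_before, not_after, now):
    """Return a list of findings for one certificate's validity window."""
    nb, na = parse(not_before), parse(not_after)
    if na <= nb:
        raise ValueError("notAfter must be later than notBefore")
    findings = []
    # Certificates issued before the cutoff are unaffected by the limit.
    if nb >= CUTOFF and na - nb > MAX_VALIDITY:
        findings.append("validity-too-long")
    if now >= na:
        findings.append("expired")
    elif na - now <= RENEW_WINDOW:
        findings.append("renew-soon")
    return findings

# Constructed sample inventory: host -> (notBefore, notAfter).
INVENTORY = {
    "legacy.example":   ("Aug 30 00:00:00 2020 GMT", "Aug 30 00:00:00 2022 GMT"),
    "new-ok.example":   ("Sep  1 00:00:00 2020 GMT", "Oct  3 00:00:00 2021 GMT"),
    "new-long.example": ("Sep 15 00:00:00 2020 GMT", "Sep 15 00:00:00 2022 GMT"),
    "due.example":      ("Jun 10 00:00:00 2020 GMT", "Jun 10 00:00:00 2021 GMT"),
    "lapsed.example":   ("May  1 00:00:00 2020 GMT", "May  1 00:00:00 2021 GMT"),
}
NOW = datetime(2021, 6, 1, tzinfo=timezone.utc)     # fixed audit date for the sample

def audit_inventory(inventory, now):
    """Map each host to its findings; an empty list means nothing to do."""
    return {host: audit(nb, na, now) for host, (nb, na) in inventory.items()}

if __name__ == "__main__":
    for host, findings in audit_inventory(INVENTORY, NOW).items():
        print(f"{host:18} {', '.join(findings) or 'ok'}")
```

For a live server, the same two timestamps are available from `ssl.SSLSocket.getpeercert()` under the `notBefore` and `notAfter` keys.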
