How Can We Help?

Maximum certificate term of 27 months

You are here:

FAQ: Maximum certificate term of 27 months

Why is Sectigo no longer issuing 3-year certificates?

A: This is an industry-wide policy that affects all certification bodies. In accordance with the CA / Browser Forum Essential Requirements, March 1st st 2018 Certification Bodies (CAs) can no longer issue SSL certificates with a validity period that is longer than 27 months.


Q: When does the maximum term of 2 years take effect?   

A: 1. March 2018


Q: Is Sectigo the only certification body that no longer issues 3-year certificates?

A: No, the requirement applies to each certification authority. If a certificate is issued after March 1st st 2018 with a validity period of more than 27 months, then the issue of CA will be in violation of the requirements.


Q: Can I renew a 3-year certificate and get another for the same duration?

A: Yes, you can renew or replace an existing 3 year certificate after March 1st, 2018, but to make the full duration, we will issue a certificate for 27 months then a second certificate valid for that remaining time. For example, if you renew / replace a 3-year certificate, we issue a 2-year certificate, followed by a 1-year certificate when the first expires.


Q: What if I have already paid for 3 years? Is this purchase rewarded?

A: Yes. If you bought the certificate st 2018 before March 1st, then nothing will change. Your 3-year certificate remains valid for the entire lifespan. If you choose to replace this certificate after March 1st, st 2018, or it comes to renewal, then the new laws come into play.

In total:

  • If you bought a 3 year certificate before March 1st, 2018 nothing will change. The certificate remains valid throughout its life.
  • Wenn Sie ein vorhandenes 3 Jahre Zertifikat nach dem 1. April erneuern / ersetzen, dann werden wir zunächst ein 2 – Jahres – Zertifikat ausstellen. Kurz vor dem Ablauf stellen wir ein weiteres Zertifikat aus, das für die verbleibende Zeit gültig ist. Sie können dieses zweite Zertifikat anfordern, indem Sie sich in Ihrem Konto anmelden und auf den Link «Ersetzen» klicken, wenn das zweijährige Zertifikat fast abgelaufen ist.
  • All new certificate purchases after March 1st, 2018 for a maximum of 27 months.


Q: Does the maximum term of 2 years apply to all certificate types (single domain, placeholder, extended validation and UCC / MDC)?

A: Yes, it applies to all website certificate types. EV certificates have a maximum term of 2 years anyway, so they are already compliant. However, S / MIME & Code Signing certificates can still be issued with a 3-year term.


Q: Does the code signing certificate limit apply?

A: No, the limit does not apply to code signing or EV code signing certificates that retain a 3 year maximum validity period.


Q: How do I get the remaining time if I renew / replace a 3 certificate after March 1st, 2018?

A: Wenn Ihr erstes 27-monatiges Zertifikat fast abgelaufen ist, melden Sie sich bei Ihrem Konto an, suchen Sie Ihre Bestellung und klicken Sie auf den Link «Ersetzen». Sie erhalten ein Zertifikat, das für die verbleibende Zeit gültig ist.


For official notifications and additional information, please visit TLS / SSL Maximum Validity Period Policy Change

Previous CAA record - CA authority
Next SSL certificates with internal domain names and reserved IP expiry guidelines
Table of Contents