intention to match Apple’s changes with its own root program.
Starting on September 1, SSL/TLS certificates cannot be issued for longer than 13 months (397 days).
There’s also a browser-driven ballot that seeks to align the industry’s baseline requirements with the new root program changes. That issue’s currently being debated by the Browser Forum — we’ll be sure to keep you posted on new updates.
There are 2 primary benefits for a shorter validity period for certificates:
Longer validity periods take longer to naturally roll out updates or changes. An example of this is the SHA1-to-SHA2 transition: unless Certificate Authorities revoke old certificates and force the customer to re-issue, it can take years before all the old certificates are naturally replaced (retiring SHA1 took 3 years).
Enhanced identity authentication — after all, the information used to validate an identity loses its trustworthiness over time. The longer between identity validation, the greater the risk.
To sum things up: a shorter-term length can lead to improved security around SSL certificates.
How this change might affect your site
If you’re using a 2-year SSL certificate that was issued before September 1, don’t fret— your certificate will stay valid until its original expiration date.
Any changes to the certificate that cause it to be reissued (like re-key or moving hosting providers) after this date will fall under this new term rule, so keep an eye on it to make sure your site isn’t without HTTPs.
Any SSL certificates that are purchased, renewed or reissued on or after September 1 will accompany a maximum validity of 1 year.
If this lapses, visitors risk seeing “Not Secure” warnings and, if they decide not to leave the site, will be exchanging information over an insecure connection.
What we're doing at GoDaddy
GoDaddy is creating SSL certificate lifecycle automation features and subscription plans that will make certificate management easier for shorter certificate lifecycles.
Customers can continue to buy extended-term subscription plans and can reissue their certificate as often as they need within the maximum allowed validity period.
In a nutshell, customers can purchase an SSL subscription for an extended time period and then simply reissue their certificate each year to update it — saving time and money.
GoDaddy will continue investing in innovations that make adapting to industry changes easier and worry-free.
To ensure visitors always see HTTPS and avoid dealing with industry changes, we also offer our Managed SSL Service. Our security experts keep a close watch on term validity and implement necessary changes. This offer also allows for purchases beyond 2 years.
If you manage this part of the site for your clients, we recommend informing them of this change and assuring them you’re on it. Managed SSL is also available within the partner program.
If your clients manage this themselves, we suggest sharing this information with them to help spread the word, or they can get in touch with us. Our Guides are happy to talk them through these changes over the phone or live chat.