Skip to main content

Sectigo SSL Certificate

  • Updated

One year SSL/TLS subscriptions still work the same

Essentially you can still purchase a 1 year SSL/TLS subscription.

Your subscription has an end date, and you need to re-issue certificates as needed up to that date.

What's changing is ithe issued certificate term. After March 12, 2026, each issued certificate is valid for up to 199 days, so what is changing is that you'll be required to re-issue those certificates within your subscription more frequently.

What's changing

Beginning March 12, 2026, Domain Control Validation reuse will be limited to approximately 6 months (198 days).

  • DCV records older than this limit must be revalidated before certificate issuance 
  • Applies to both existing and newly created DCV records 
  • Although the Certification Authority Browser Forum (CA/Browser Forum) has set this mandate for March 15, 2026, Sectigo’s operational enforcement begins March 12, 2026 

Why this change is happening

DCV confirms that a requester controls a domain. Historically, DCV could be reused for longer periods, which increased risk if domain ownership or control changed over time.

Reducing DCV reuse:

  • Limits the impact of stale validations
  • Reduces attack windows by limiting how long a “one-time” validation could be reused and therefore, reducing the chance of ongoing misuse
  • Improves overall trust in the certificate ecosystem 

What customers should know

  • Existing certificates remain valid until expiration
  • No new certificate may be issued after March 12th relying on the DCV that was completed more than 198 days ago
  • Validation will need to happen more frequently going forward 

How Multicert helps customers stay ahead

The SSL certificate will be issued with the maximum legally permitted validity of 199 days. Fifteen days before its expiration, Sectigo — a SIBS Multicert partner — will automatically issue a new certificate covering the remaining validity period until the end of the one-year subscription term, at no additional cost. The updated certificate will be delivered by email and must be installed promptly to ensure uninterrupted service.

Steps to Reissue or Replace SSL Certificate

Step 1: New Certificate issuance - Fifteen days before its expiration, Sectigo will automatically issue a new certificate covering the remaining validity period until the end of the one-year subscription term, at no additional cost.

Step 2: Updated certificate delivery - The updated certificate will be sent by email to the person responsible for the certificate.

Step 3: Instalation of the new certificate - The new certificate must be installed before the current certificate expires.