Synergy Wholesale
SSL Certificates/SSL Certificate Validity Period Changes
SSL Certificates
··5 minute read

SSL Certificate Validity Period Changes

This article will go over the SSL certificate industry change to shorter validity periods, what it means for you and how Synergy Wholesale is adopting this change.

What is changing and why?

In April, 2025, the CA/Browser Forum approved a motion to reduce public SSL certificate validity periods down to 47 days by 2029 to improve cryptographic security as longer SSL certificate lifespans can introduce extended vulnerability windows. By reissuing SSL certificates at frequent intervals, it will enable faster key rotations and algorithm updates which lowers security risks and ensures that SSL certificates remain trusted. Especially due to the impending shift to post-quantum cryptography and current depreciating cryptographic algorithms.
If you would like to read more on this industry-wide change, you can refer directly to the CA/Browser Forums ballot. For specific details on how these changes affect our certificates, please refer to the compliance notice from our issuing CA, Sectigo.

SSL certificate validity timelines

The SSL certificates we offer with Sectigo currently have a validity period of 1 year. This validity period will gradually shift down to 46 days over 3 years. While the CA/Browser Forum mandates a shorter validity period starting March 15, our issuing CA Sectigo will implement a 199-day certificate validity maximum early beginning March 12, 2026. This ensures all our issued certificates remain fully compliant ahead of the global deadline. The below table outlines the rollout dates and maximum validity periods:
Certificate issued on or after Certificate issued before Maximum validity period DCV Data Reuse Changes
March 12 2026 398 days
March 12 2026 March 12 2027 199 days 198 days
March 12 2027 March 12 2029 100* days 100* days
March 12 2029 47* days 10* days
* This date represents the industry-wide deadline set by the CA/Browser Forum. Please note that our issuing CA, Sectigo, may enforce these changes earlier than the industry standard to ensure full compliance ahead of the mandate. We will update this table with Sectigo’s specific enforcement dates as soon as they are confirmed.

The SSL order & reissue process with Synergy Wholesale

Synergy Wholesale will still be offering SSL certificate orders for the same duration of 1 year but it will look a bit different. As we aim to make it as easy as possible for partners, we are automating the reissue process. Here is how it works:
  1. Order an SSL certificate: Place an order for your SSL certificate of your choice for a duration of 1 year.
  2. Complete the SSL certificate validation process: Once placed, you will go through the SSL certificate validation process as per normal.
  3. 199 day SSL certificate issued: Once validation is complete, you will get issued a SSL certificate with a validity period of 199 days.
  4. Automatic reissue: Once 199 days remain on the annual order, we will use your existing SSL certificate validation data and CSR to automatically reissue a new certificate for you to cover the rest of the year. Providing sufficient time to install the new SSL certificate before the current one expires and bypassing re-validation.
  5. Install the new SSL certificate: Once the new SSL certificate is issued, we will email the new SSL to the SSL contact and BCC you. You can then install the new SSL certificate as normal. Once installed, the new SSL will be valid for the remainder of the annual order.
SSL Validity flow chart
Since we reuse your current certificate's CSR for the reissue, the Private Key is the same. As such, please use the same Private Key when installing the new SSL certificate.
  • If the CSR was generated within Synergy Wholesale: The Private Key is saved within the certificate's overview page (Under 'SSL certificates' → 'Manage' → 'Overview' on the certificate).
  • If the CSR was generated externally: You should have a copy of the Private Key saved. If you don't have it, you can check the web server itself where you installed the previous SSL, otherwise you may have to regenerate the CSR.

Email templates

Due to the automatic reissue process, we have added a new email template which you can customise under 'Account Functions' → 'Email Templates'. This email template is:
  • SSL - Automatic Reissue Successful
By default, this email will send to the SSL contact email address and BCC you if you choose to. If you would like to turn this off, you can uncheck the 'Receive a Copy? (BCC)' tick box at the top of the email template while editing. SSL reissue Email Template

Frequently asked questions

Why don't I have to re-validate the SSL certificate for the reissue?

Since we are re-using the same CSR and the first SSL certificate issued was validated within 198 days, the same validation data is able to be re-used for the re-issued SSL certificate, effectively bypassing the validation process.

Once the SSL certificate is automatically reissued, is the previous certificate still valid?

In short, yes! Once the SSL certificate is reissued, the previous certificate will remain valid until it expires and will not be revoked. This will give you maximum overlap between the two which provides plenty of time to install the new SSL certificate!

Can I provide my own CSR for the automatic reissue?

Yes, however the reissue will have to be done manually, you can follow this guide here to help do this. The SSL certificate may be re-validated. Once the SSL certificate is reissued, you will be issued a certificate with a 199 day validity.

The exception to this is if your order has less than 199 days remaining, which the reissue will be valid until the orders end date.

Can I reorder my SSL certificate to get longer coverage on the current order?

No. Re-ordering is the same as a new purchase; it creates a separate order which may require full re-validation like a new SSL certificate.