In 2023, Google announced proposed changes to the maximum validity period for SSL certificates, from 398 days down to 90 days (or less). Let’s review why these changes have been proposed and how GoDaddy can help you and your business stay secure.
Understanding the basics of 90-day SSL certificates
Currently, the maximum validity period for an SSL is 398 days.
The validity period refers to the length of time an SSL certificate is valid before requiring re-verification and re-installation.
Google is encouraging the adoption of SSL certificates with shorter issuance terms because a shorter validity period can reduce the likelihood and impact of data breaches. With SSL certificates on a limited issuance cycle, it becomes more difficult for attackers to exploit a compromised (or potentially expired) SSL.
Recently, Apple joined in and proposed further lowering the SSL issuance lengths to 45 days by 2027. While their proposal is still being debated, it's clear that the industry recommendations are moving towards much shorter issuance periods than what is currently practiced.
The advantages and challenges of 90-day SSL certificates
These changes present both pros and cons for SSL certificate users. Let’s take a look at each below.
Advantages of 90-day SSLs
Limits possible compromise exposure
A shorter issuance lifespan helps improve security by limiting the time a potentially compromised certificate can be used. Compromised SSL certificates can be exploited by attackers, but by renewing certificates more frequently, users and organizations can stay ahead of potential security threats by making sure that their websites remain protected.
With an SSL certificate that includes 90-day re-issuance terms, users get five encryption refreshes annually. Under the older one-year re-issuance certificates, encryption is only refreshed once per year, meaning better protection for the same purchase term.
Minimizes human error through automation
Most organizations would find manually renewing and installing SSL certificates every 90 days a monumental task(especially for organizations that have dozens or even hundreds of SSLs).
To improve the customer experience, certificate authorities will begin to introduce automation for re-issuance and re-installation, thus reducing the potential for human installation or configuration errors.
Challenges of 90-day SSLs
Potential for oversights
Frequent renewals increase the risk of human error or oversights. Businesses may inadvertently allow certificates to expire, leading to website downtime or security vulnerabilities.
Integration with existing systems
Implementing 90-day SSL certificates may require modifications or updates to existing website infrastructure or server configurations. This can be time-consuming and potentially disruptive to small businesses.
The role of automation in managing 90-day SSL certificates
With validity periods for SSLs shortening, automation for SSL management is a necessity. Here are just some of the headaches that automation for SSLs solves:
| Reduced administrative burden | Automated renewal processes eliminate the manual tasks of renewing certificates, freeing businesses to focus on other critical tasks. |
| Improved security | Automation helps ensure that certificates are renewed promptly, preventing security gaps that could occur from expired certificates. |
| Enhanced reliability | By automating renewals, businesses can reduce the risk of website downtime due to expired certificates. |
| Scalability | Automated renewal processes can easily scale to accommodate growing certificate needs, making them suitable for businesses of all sizes. |
| Compliance | For businesses that must comply with industry regulations or standards that require specific SSL certificate practices, automation can help ensure compliance. |
| Centralized management | Automated renewal systems often provide a centralized platform for managing multiple certificates, simplifying certificate management for organizations with complex IT infrastructures. |
GoDaddy is helping SSL certificate owners with these changes ahead of schedule and exceeding current industry standards with our new GoDaddy Managed SSLs.
Here are the features included with our Managed SSL 90-day certificate options:
| Automated encryption refreshes | Five-time encryption refresh annually (versus one-time refresh annually for one-year certificates). |
| Managed installations and re-issuance | Get stress-free installation and automatic quarterly re-issuance and re-installation, ensuring you don't have to worry about gaps in your SSL encryption. |
| Free up your time | Saves you time that would’ve been spent installing and reprovisioning your website’s SSL on your own. |
| Enjoy peace of mind | GoDaddy ensures your SSL will be set up and functioning perfectly when our website professionals have completed the work. |
| Boost Google rankings | Without an SSL certificate set up properly, browsers and major search engines will flag your site as “Not Secure." |
| Fully supported | GoDaddy is always there for you with 24/7 support |
Preparing for the future: Embracing shorter certificate lifespans
The changes to SSL validity periods aren’t small, but GoDaddy is focused on making the transition as seamless for our customers as possible while leaning into the many positives. By embracing this shift ahead of the requirements, businesses are better able to proactively mitigate risks, enhance their security, and simplify SSL certificate management.
