Today, Let's Encrypt — the world’s largest provider of free SSL/TLS certificates — announced that SSL certificate validity will be cut in half by 2028, reducing the current 90-day lifespan to just 45 days. According to Let's Encrypt, this change is meant to improve the security and reliability of SSL/TLS certificates, reducing risks such as brute-force attacks and private key leaks.
Right now, millions of personal and small-business websites rely on free Let's Encrypt certificates. To avoid disruptions, site owners are advised to use ACME clients and automated scripts for certificate renewal instead of replacing certificates manually every few weeks. You can also switch to ZeroSSL or GTS SSL, which still offer free 90-day certificates. Below is the official transition timeline from Let's Encrypt:
- Starting May 13, 2026 – the
tlsserverconfiguration begins issuing 45-day certificates - February 10, 2027 – the default
classicconfiguration switches to 64 days - February 16, 2028 – all certificates move to 45 days, and domain authorization reuse drops from 30 days to 7 hours
Comments NOTHING