Let's Encrypt SSL Certificate Lifetime Reduced to 45 Days

> **📅 Son güncelleme / Last updated / Ultima actualizare:** 2026-05-11 TL;DR: Let's Encrypt is shrinking SSL certificate lifetimes from 90 days down to just 45 days — and if you're not using automated renewal, your site could go dark without warning. The change rolls out in two phases: 64-day certificates first, then 45-day certificates. That means site owners relying on manual renewal will need to act roughly **8 times per year** instead of 4. The core reason is security: shorter lifetimes limit the exposure window if a private key is ever compromised. For the vast majority of website owners, this change is invisible — **if** your hosting provider handles automated renewal. If not, the risk of certificate expiry (and the SEO penalties, browser warnings, and lost trust that come with it) increases significantly. Read on to understand the exact timeline, what you need to check today, and how to make sure you're fully covered.

Let's Encrypt SSL Certificate Lifetime Changing: What You Need to Know?

Let's Encrypt, the free SSL certificate service provider, has announced an important decision to shorten the certificate validity period. This change will first reduce from 90 days to 64 days, and then further to 45 days. This development represents a new operational workflow for web administrators and hosting providers.

Why Is Let's Encrypt Shortening the Period?

There are several important reasons behind Let's Encrypt's decision:

• Security: Shorter certificate lifetime reduces risk in case of certificate key compromise
• Encouraging Automation: Directs website administrators to use automatic renewal systems
• Best Practices: Makes industry standards more secure
• Certificate Revocation: Provides faster resolution in case of problems

Why Is SSL Certificate Automation Critical?

Shorter validity periods make automatic renewal mechanisms even more important. Professional hosting providers like EastWeb.ro offer tools such as Certbot to enable customers to automatically renew SSL certificates. Manually renewing certificates every 45 days is impractical and often leads to certificate expiration risks.

How Does SSL Management Work at EastWeb.ro?

EastWeb.ro offers Let's Encrypt SSL certificates in its hosting and VPS services, and you can fully automate the process. You can enable SSL with just a few clicks in the control panel, and renewal occurs automatically in the background. This way, you won't be affected by the new 45-day period at all.

Practical Advice for Site Administrators

• Enable Automatic Renewal: Take advantage of your hosting provider, avoid manual management
• Turn On Email Notifications: Receive alerts 30 days before certificate expiration
• Set Up Monitoring: Monitor certificate status with tools like SSL Labs
• Check Cron Jobs: If you use Certbot on your own server, verify that the renewal task is working correctly

2024-2025 Transition Timeline

Let's Encrypt's transition plan is as follows:

• March 2024: Transition from 90 days to 64 days
• September 2024: Transition from 64 days to 45 days

After these dates, new issuances will begin with the shorter validity period. Certificates already in production will continue under the old rules until their final expiration date.

Conclusion

While Let's Encrypt's decision increases internet security, it requires more attention from web administrators. By working with modern hosting providers like EastWeb.ro, implementing automatic SSL management will allow you to navigate all these changes transparently. If you don't yet have an automatic SSL renewal system in place, it's important to set one up before the 45-day period takes effect.

--- ## Frequently Asked Questions ### Why is Let's Encrypt reducing SSL certificate lifetime to 45 days? Let's Encrypt is shortening certificate validity to improve security across the web. A shorter lifetime limits the damage window if a certificate's private key is ever compromised — the exposed window drops from up to 90 days to a maximum of 45 days. It also strongly incentivizes site owners and hosting providers to adopt fully automated renewal systems, which are more reliable than manual processes and align with emerging industry best practices around certificate agility. ### What is the exact rollout timeline for the 45-day SSL change? The transition happens in two phases. In the first phase, certificate lifetime moves from 90 days to 64 days. In the second phase, it drops further to 45 days. Certificates already issued before each cutoff date will remain valid under their original terms until they naturally expire. Only newly issued or renewed certificates will reflect the shorter validity period after the respective phase takes effect. ### Will my existing SSL certificate be affected immediately? No. Certificates already in production continue to run under the validity period they were issued with, right up until their expiration date. The shorter lifetimes apply only to certificates issued after each phase-in date. However, once your current certificate expires and renews, it will be issued under the new 45-day rule — so your automation must be in place before that renewal happens. ### Do I need to manually renew my SSL certificate every 45 days? You should not have to. Automated renewal tools like Certbot — available on Linux servers — handle this entirely in the background, typically renewing certificates when around 30 days of validity remain. Hosting providers that properly support Let's Encrypt, including those offering managed shared hosting or VPS environments, automate this process so customers never need to intervene manually. Manual renewal every 45 days is impractical and carries significant expiry risk. ### How do I know if my SSL certificate renewal is already automated? The quickest way is to check your hosting control panel (cPanel, Plesk, or a custom panel) for an SSL or Security section — look for a setting that says "Auto-Renew" or "AutoSSL" and confirm it is enabled. If you manage your own server, run `sudo certbot renew --dry-run` to verify that Certbot's renewal logic executes without errors. You can also inspect your cron jobs or systemd timers to confirm the renewal task is scheduled correctly. ### What happens to my website if my SSL certificate expires? All major browsers — Chrome, Firefox, Safari, Edge — will immediately display a full-page security warning blocking visitors from reaching your site. This warning cannot be dismissed easily by regular users and causes an immediate and severe drop in traffic and conversions. Search engines may also demote pages served over expired HTTPS. Recovery requires issuing a new certificate and waiting for DNS and CDN caches to propagate, which can take minutes to hours depending on configuration. ### Does the 45-day limit apply to all SSL certificate types, or just Let's Encrypt? The 45-day change announced here applies specifically to certificates issued by Let's Encrypt, which is the world's largest free certificate authority and the default option for most hosting providers. Paid certificates from commercial CAs such as DigiCert, Sectigo, or GlobalSign are not directly affected by this announcement and still offer one- or two-year validity options. However, broader industry movements — including a CA/Browser Forum ballot — suggest that shorter maximum lifetimes may eventually apply across all certificate authorities. ### Is a 45-day SSL certificate less trustworthy than a longer one? Not at all — certificate lifetime has no bearing on the cryptographic strength or the validation level of the certificate. A 45-day Domain Validated (DV) certificate from Let's Encrypt provides the same encrypted connection as a 12-month certificate from a paid CA. The shorter lifetime is a security feature, not a limitation. From a visitor's perspective, the padlock icon and HTTPS prefix look and behave identically regardless of the underlying validity period.