CA/Browser Forum – a central body of web browser makers, security certificate issuers, and friends – has voted to cut the maximum lifespan of new SSL/TLS certs to just 47 days by March 15, 2029.

Today the certificates, which underpin things like encrypted HTTPS connections between browsers and websites, are good for up to 398 days before needing to be renewed. Apple put out a proposal last year to cut the maximum time between renewals, and got support from Big Tech pals.

Their argument being that shorter renewal periods mean compromised or stolen certificates can be abused for at the most days or weeks rather than months before expiring. On the one hand, that may mean more purchases from certificate issuers for cert holders; on the other, Let's Encrypt provides perfectly good certificates for free and also helps automate the renewal process.