1. ZeroSSL
  2. Getting Started
  3. General Information

What Is an Annual Certificate?

An Annual Certificate is ZeroSSL’s new name for what was previously known as a 1‑year SSL/TLS certificate.

Due to new industry rules, Certificate Authorities can no longer issue a single certificate valid for a full year. Instead, the maximum allowed validity for each certificate is now 200 days.

Because of this shift, ZeroSSL now issues annual certificates in two shorter periods instead of one 365‑day certificate. Your overall experience and coverage remain the same, only the issuance cycle has changed.

Why the Change?

Starting March 15, 2026, the maximum lifetime for newly issued publicly trusted TLS/SSL certificates is reduced to 200 days, as part of an industry-wide policy update. 

Many certificate authorities issue certificates with 199 days validity to avoid exceeding the limit by seconds. 

Because of this, a "1‑year certificate" can no longer be issued in a single file. The Annual Certificate model lets us stay compliant while still giving you a full year of protection.

annual-certificate-(1-year-plan).png

 

How Annual Certificates Work

Annual Certificate allows ZeroSSL to keep offering an 1-year certificate experience, meaning you still get longer-term coverage within using 1 certificate credit, even though certificates themselves are now issued in shorter validity segments. This is especially helpful compared to managing shorter-lived certificates, such as certificates with a 90-day validity. 

When you create an Annual Certificate:

  • You receive your first certificate with up to 199 days of validity.
  • When that certificate is close to expiring ( 30 days before expiration), a reissue window opens, and you can reissue to receive the remaining  coverage for the rest of the year.
  • This will result in two certificate files per single annual certificate.
📝Annual Certificates are a strong substitute for the former 1‑year certificates. especially for individuals or organizations that still require manual installation and prefer fewer certificate changes per year. If you want to reduce manual work further, we recommend using ACME automation or the ZeroSSL REST API to automate issuance and reissuance of your certificates.


What stays the same

  • You still get 12 months of SSL/TLS coverage.
  • No extra cost for mid‑term reissuance.
  • Credits work the same way as before: reissuance is required under the new rules but does not consume extra credits.

Upcoming Additional Validity Changes

The industry is not only transitioning to 200‑day certificates. Even shorter certificate lifetimes are already confirmed as part of the same policy update. The CA/Browser Forum has officially adopted a staged reduction in certificate validity as follows:  

  • March 15, 2026: Maximum certificate lifespan drops to 200 days (often issued as 199 days in practice).
  • March 15, 2027: Maximum certificate lifespan drops to 100 days.
  • March 15, 2029: Final maximum lifespan drops to 47 days.

ZeroSSL will adjust the platform in accordance with each phase and communicate updates well before enforcement dates.

You don’t need to take any action right now. All required adjustments to issuance and reissuance will be handled within ZeroSSL.

If you have questions, our support team is here to help.



Was this article helpful?
0 out of 0 found this helpful