Skip to main content

Announcing Upcoming Changes to TLS Certificate Validity Periods

  • Updated
Announced on Rollout on
January 12, 2026 March 15, 2025

The maximum validity period for publicly trusted TLS certificates will be progressively reduced over the next several years as part of an industry-wide change driven by certificate authorities and browser vendors. 

This is not a MODX Cloud-specific policy change.

The first reduction takes effect on March 15, 2026, with additional reductions occurring through 2029.

What is changing

TLS certificate lifetimes will be shortened on the following schedule:

  • Until March 15, 2026: maximum lifetime of 398 days
  • As of March 15, 2026: maximum lifetime of 200 days
  • As of March 15, 2027: maximum lifetime of 100 days
  • As of March 15, 2029: maximum lifetime of 47 days

In parallel, the amount of time that domain validation information can be reused will also be reduced on the same timeline, making automation increasingly important.

Who is affected

These changes only affect customers using custom TLS certificates.

If you are using MODX Cloud-provided standard certificates, no action is required.

What this means for custom certificates

As certificate lifetimes shorten:

  • Certificates will need to be renewed more frequently
  • Manual renewal processes will become more difficult to manage reliably
  • Missed renewals increase the risk of certificate expiry and service interruption

While the shortest (47-day) lifetime does not take effect until 2029, the first reduction in 2026 already represents a significant operational change for custom certificate workflows.

Our recommendation

We strongly recommend using standard MODX-provided certificates, which are:

  • Free
  • Automatically issued
  • Automatically renewed
  • Designed to adapt to shorter certificate lifecycles

Standard certificates remain the simplest and most reliable option for most sites as certificate lifetimes continue to decrease.

What you should do now

  • Confirm whether your site uses a custom TLS certificate
  • Evaluate whether a standard MODX certificate meets your requirements
  • If you plan to continue using a custom certificate, ensure your renewal process is automated and can support increasingly short validity periods

We will provide additional guidance as future milestones approach.

If you have questions or would like help reviewing your current configuration, please contact support.

Related articles