I received an update from Sectigo about an upcoming change in TLS/SSL certificate validity—after March 12, 2026, it will reduce to a maximum of 199 days. This has made me realize that I need to automate our certificates, since we currently manage a few but the manual process can be tedious. I'm looking for suggestions on the best ways to automate certificate management. Any tips or insights from your own experiences would be greatly appreciated!
3 Answers
Remember, 199 days is just a temporary measure; it's going to shrink to 49 days eventually. Automating your certificates is crucial, and you still have some time to sort it out. Don't delay too much!
Using Certbot along with Let's Encrypt is a solid choice. They support automatic DNS challenges for cert renewal, and since their certs are valid for only 90 days, the shorter validity period isn't really a major obstacle for automation. Just set it and forget it!
Also worth noting that Let's Encrypt's max validity is going down to 45 days soon, so staying automated is key.
Your automation approach can vary based on your environment. In our case, we're using Ansible for automating certificates, but some setups may use load balancers with public certs of shorter lifespans while maintaining a private PKI internally. Evaluate what fits your needs best! DigiCert also offers an automation agent for cert transitions.

If you're on Azure, Acmebot could be helpful for managing the process. It's an efficient setup that works well!
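A monitoring check to run alongside whichever renewal tooling the answers above suggest, added here as an example and not code from any poster or vendor: it takes certificate dates in the format Python's `ssl` module reports from `getpeercert()`, flags certificates that automation should already have renewed, and lists which of the validity limits quoted in this thread each certificate's lifetime exceeds. The hostnames, dates and the one-third renewal policy are constructed assumptions.

```python
import ssl
from datetime import datetime, timezone

# Maximum validity figures (days) as quoted in this thread, not an official table.
THREAD_LIMITS = {"after 2026-03-12": 199, "eventual": 49}


def parse(ts):
    """Parse a getpeercert()-style date such as 'Apr  1 00:00:00 2026 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(ts), tz=timezone.utc)


def assess(cert, now, renew_divisor=3, limits=THREAD_LIMITS):
    """Classify one certificate record and list the limits its lifetime exceeds.

    renew_divisor=3 means renewal is due once a third or less of the lifetime
    remains (an assumed policy; match it to your renewal tooling).
    """
    start, end = parse(cert["notBefore"]), parse(cert["notAfter"])
    lifetime = (end - start).days
    remaining = (end - now).days
    if end <= now:
        status = "EXPIRED"
    elif remaining * renew_divisor <= lifetime:
        status = "RENEWAL_OVERDUE"  # automation should already have replaced it
    else:
        status = "OK"
    too_long = [name for name, days in limits.items() if lifetime > days]
    return {"host": cert["host"], "status": status, "lifetime_days": lifetime,
            "days_left": remaining, "exceeds": too_long}


# Constructed inventory: hosts and dates are made up for illustration.
INVENTORY = [
    {"host": "www.example.test", "notBefore": "Jan  1 00:00:00 2026 GMT",
     "notAfter": "Jan  1 00:00:00 2027 GMT"},
    {"host": "api.example.test", "notBefore": "Apr  1 00:00:00 2026 GMT",
     "notAfter": "Jun 30 00:00:00 2026 GMT"},
    {"host": "old.example.test", "notBefore": "Feb  1 00:00:00 2026 GMT",
     "notAfter": "May 15 00:00:00 2026 GMT"},
]
NOW = datetime(2026, 6, 1, tzinfo=timezone.utc)  # fixed "today" for the sample

if __name__ == "__main__":
    for row in (assess(c, NOW) for c in INVENTORY):
        print(row["host"], row["status"], f"{row['days_left']}d left,",
              f"lifetime {row['lifetime_days']}d, exceeds: {row['exceeds']}")
```

A `RENEWAL_OVERDUE` or `EXPIRED` result on a host that is supposed to be automated means the renewal job has stopped working and needs attention before the certificate lapses.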