What Is HTTPS and SSL?
Discover what HTTPS and SSL are, and why HTTPS is crucial for website security.
25 Jun 2025
Learn more© 2007 - 2026 Lexsynergy™.
All rights reserved.
Secure Sockets Layer (SSL) certificates have traditionally been treated as a technical requirement, renewed periodically to keep a website secure and accessible. For many organisations, they have sat quietly in the background of the wider domain management process.
That is changing.
SSL certificate validity periods are being reduced in stages, moving away from annual renewals and towards much shorter certificate lifecycles. By 2029, SSL certificates are expected to have a maximum validity period of 47 days, with domain and IP address validation data reuse periods reducing to just 10 days.
An SSL certificate is a digital certificate that establishes a secure connection between a web browser and a web server. It encrypts data transmitted between the browser and server, ensuring that sensitive information, such as login credentials, credit card numbers and personal data, remains private and secure.
SSL Certificates are crucial for protecting online transactions and building trust with website visitors by verifying the authenticity and identity of the website. When a website has an SSL certificate installed, you will see a padlock icon in the browser's address bar and https:// in the Uniform Resource Locator (URL), indicating that the connection is secure.
For a broader introduction to HTTPS, SSL and the different types of certificates, read our What Is HTTPS and SSL guide.
A domain name is the address people use to find a business online. The domain name system (DNS) directs that domain to the right technical infrastructure. The SSL certificate helps ensure that the connection between the user and that infrastructure is trusted and secure.
Together, these elements form part of the operational foundation of a digital brand.
Without a valid SSL certificate, a website may still technically exist, but users may not be able to access it safely, confidently or at all. Browsers may display warnings such as “Not secure”, “Your connection is not private”, “Certificate expired” or “Potential security risk ahead”.
For a corporate website, that can mean lost traffic, disrupted customer journeys, failed logins, abandoned baskets, inaccessible portals, API failures, broken campaign pages and reputational damage.
Search visibility is also part of the picture. Google has previously stated that HTTPS is used as a ranking signal and therefore SSL certificates should be viewed as part of the wider framework that supports website accessibility, search performance and user confidence.
This is why SSL certificates belong within domain governance. They are connected to DNS, domains, subdomains, redirects, online platforms, brand protection and customer trust. When certificates are mismanaged, the issue may appear technical, but the impact is often commercial, legal and reputational.
The major change is the reduction of maximum validity periods. Historically, many organisations worked around an annual SSL certificate renewal cycle, under the new schedule, that cycle becomes significantly shorter:
| Certificate issued on or after | Certificate issued before | Maximum certificate validity | Validation data reuse period |
| Before 15 March 2026 | 15 March 2026 | 398 days | 398 days |
| 15 March 2026 | 15 March 2027 | 200 days | 200 days |
| 15 March 2027 | 15 March 2029 | 100 days | 100 days |
| 15 March 2029 | N/A | 47 days | 10 days |
SSL certificate validity is the period during which the issued certificate itself remains valid. Validation reuse is the period during which a certificate issuer can rely on previously completed validation checks, such as confirmation that the applicant controls the domain or IP address included in the certificate.
Although certificate validity periods are becoming significantly shorter, this does not mean organisations will need to purchase SSL certificates more frequently. SSL certificates will continue to be billed and renewed on an annual or multi-year commercial basis. The key change is that the validation data supporting those certificates, such as proof of domain or IP control, will need to be refreshed much more regularly in line with the new industry timelines. As a result, organisations should prepare for more frequent validation activity even where their commercial renewal arrangements remain unchanged.
By 2029, domain and IP address validation data reuse is scheduled to fall to 10 days. That is a fundamental operational change. It means organisations can no longer rely on long-standing validation processes, informal ownership knowledge or slow internal approvals. SSL certificate management will require more current data, tighter coordination and clearer oversight.
As validation windows shorten, the risk of delay, duplication and oversight increases, particularly for businesses managing large or complex domain portfolios. While certain elements of certificate validation remain the responsibility of the client, especially where Organisational Validation or Extended Validation certificates require direct confirmation with the Certificate Authority, a centrally managed approach can significantly reduce friction. Working with a corporate domain registrar such as Lexsynergy helps ensure that domain ownership, DNS configuration, renewal timelines and internal responsibilities are properly aligned. Where domains are managed on Lexsynergy nameservers, DNS based validation can also be automated, supporting a more efficient, secure and resilient digital portfolio.
The change is driven by the security and reliability needs of the framework that allows browsers, certificate issuers and website operators to support secure web connections at global scale.
An SSL certificate represents a snapshot of reality and the longer time passes from issuance, the more likely it becomes that certificate data diverges from that reality.
Domains can change hands.
Infrastructure can move.
Organisations can restructure.
Keys can be compromised.
Validation methods can become outdated.
Shorter validity periods are therefore intended to reduce risk windows, improve certificate reliability and limit the impact of misissuance. They also support faster industry response when cryptographic standards, certificate requirements or validation methods need to change.
The intention may be to improve security, but for organisations, the operational effect is increased frequency.
The most obvious impact is that organisations will need to deal with SSL certificates more often. A certificate portfolio that was previously manageable through annual reviews may soon require semi annual, quarterly and eventually near monthly attention.
That creates challenges across several key areas.
Many corporates do not have a single, clean view of every certificate attached to every domain or subdomain. Certificates may have been ordered by IT, marketing teams, web agencies, ecommerce vendors, local offices, acquired businesses or legacy providers. As certificate validity periods shorten, any lack of visibility becomes more difficult to manage.
A certificate can only be managed effectively if the organisation knows who owns the domain, who controls DNS, who can complete domain control validation, who receives approval requests and who is responsible if something fails. In large businesses, this information is often spread across different departments, regions, vendors and legacy systems.
In short, shorter SSL certificate validity periods increase the cost of fragmentation. The more decentralised a business’s domains, DNS and SSL certificates are, the greater the chance that something important is missed.
For organisations that do not want SSL certificate management to become another decentralised operational burden, a centralised corporate solution provides structure, visibility and accountability.
Lexsynergy supports businesses with SSL certificates as part of a wider domain management and online brand protection framework. This is important because SSLs should not be managed in isolation. They are part of the same ecosystem as domains, DNS, online enforcement, monitoring and brand governance.
That managed approach becomes more valuable as SSL Certificate lifecycles shorten. Instead of each internal team, agency or regional provider handling certificates differently, organisations can benefit from a coordinated model that brings SSLs into the same platform as domain names, DNS operations and online brand protection.
For legal teams, that means knowing that the organisation’s domain assets are visible, controlled and aligned with brand protection priorities. For technical teams, it means reducing avoidable certificate failures and validation delays. For leadership teams, it means lowering the risk that a routine certificate issue becomes a customer facing outage or reputational incident.
The reduction in SSL certificate validity periods is more than a technical policy change. It reflects a wider shift in how digital trust is managed online.
As SSL certificate lifespans shorten, businesses will need stronger visibility over the domains, subdomains and services that rely on valid certificates. They will also need clearer ownership, faster validation and more coordinated management across legal, technical, marketing and operational teams.
For businesses, the risk is not simply that an SSL certificate expires. The greater risk is that SSLs are managed separately from the wider domain and brand protection strategy.
Lexsynergy helps organisations bring these elements together. Through managed SSL certificate support, corporate domain management and online brand protection advisory services, we provide a structured way for businesses to stay ahead of industry changes, protect critical digital assets and maintain long term confidence in their online presence.
An SSL certificate is a digital certificate that enables a secure, encrypted HTTPS connection between a website and a visitor’s browser. It helps protect data in transit and supports trust in the website being accessed.
A website needs an SSL certificate to use HTTPS, encrypt data between the browser and the server, support user trust and avoid browser security warnings. For businesses, SSL certificates are also connected to website accessibility, search visibility, customer confidence and brand reputation.
If an SSL certificate expires, users may see a browser warning and may be discouraged or prevented from continuing. On some websites, particularly those using HSTS, users may not be able to bypass the warning. This can interrupt access to websites, portals, applications and customer journeys.
HTTPS is used by Google as a ranking signal and therefore should be viewed as part of a wider website quality, security and accessibility framework.
No. SSL certificates are not being discontinued. They are becoming shorter-lived, which means they will need to be issued, renewed and validated more frequently.
Domain validation reuse is the period during which a certificate issuer can rely on previously completed checks confirming that an applicant controls a domain or IP address. Under the new schedule, domain and IP address validation reuse will reduce significantly, reaching 10 days from 15 March 2029.
Validation reuse is being reduced because certificate information can become stale. Shorter reuse periods help ensure that the information relied on when issuing a certificate is more current and reliable.
Because SSL certificate failures can affect public-facing brand assets. A website that displays a certificate warning may look unsafe, neglected or compromised. For legal and brand protection teams, SSL management is part of ensuring that official online channels remain trusted, accessible and under control.
Discover what HTTPS and SSL are, and why HTTPS is crucial for website security.
Understand how DNS works and why using Anycast DNS can significantly reduce the risk of your website going offline.
As validity periods shorten, manual processes become more fragile. Calendar reminders, spreadsheets and individual inboxes are unlikely to provide adequate resilience for a large corporate domain portfolio, especially where domains are mission critical or spread across multiple regions and brands. What may have worked for annual renewals can become unreliable when certificates require much more frequent attention.
Lexsynergy provides managed SSL certificate support as part of a wider corporate domain management and online brand protection solution. That means SSLs can be handled within a centralised, strategic framework that considers domains, DNS, validation, renewals, visibility, brand risk and long-term governance together.
Fed up with hidden fees and long response times from your domain registrar?