In 2023, Google suggested shortening the lifespan of Secure Socket Layer (SSL) certificates from 13 months to 90 days. This change is meant to boost security, but it also requires website owners and administrators to adjust their routines.
This article will explain what this change means, why it’s happening, and how to prepare your website.
What are SSL certificates?
Secure Socket Layer (SSL) certificates, often called TLS or digital certificates, are key to keeping the internet safe.
SSL certificates protect online connections by encrypting data sent between your browser and the website's server.
These certificates make sure data is sent privately and isn’t changed, lost, or stolen.
When a website has an SSL certificate, its address starts with “HTTPS” instead of “HTTP,” signalling that it’s secure.
Why is Google changing the SSL certificate lifespan?
Google wants to change the SSL certificate lifespan to 90 days to push for some important industry changes:
- Better security: Shorter lifespans make it harder for attackers to harm websites for long. If a certificate is compromised, it only lasts a short time.
- Quicker fixes: If problems with certificates are found, shorter lifespans mean they can be replaced faster.
- Promoting automation: With shorter renewals, website owners are encouraged to automate SSL certificate management. This helps prevent expired certificates and keeps sites secure.
When does this change take effect?
There is no set date for this change yet. However, experts think Google might introduce it in late 2024 or early 2025.
Website owners should start getting ready now to avoid any problems when it happens.
How to prepare for the 90-day SSL certificate change
Adapting to the new 90-day SSL certificate change requires some planning. Here’s what you should do:
Automate SSL certificate renewals
The most critical step is to automate your SSL certificate renewals.
Manually renewing your SSL every 90 days can be time-consuming and prone to errors. Luckily, many hosting providers and SSL providers offer automated renewal options.
How to automate SSL renewals
- Use Let’s Encrypt: Let’s Encrypt offers free SSL certificates with built-in automation. Their ACME (Automatic Certificate Management Environment) protocol makes renewing certificates easy.
- Check with Your Hosting Provider: Many hosting companies offer automatic SSL renewals with their packages. Contact your host to see if this option is available.
- Use a Certificate Management Tool: Tools like Certbot, ZeroSSL, or SSLMate can help automate the process if your hosting provider doesn’t offer automation.
Update your certificate management process.
If you manage multiple websites, you’ll need to revisit how you handle SSL certificates. Tracking expiration dates and ensuring timely renewals becomes more critical with shorter lifespans.
Best practices for certificate management
- Centralise Management: Use a certificate management tool that consolidates all your certificates in one place. Examples would be DigiCert or KeyFactor.
- Set Alerts: Configure alerts for upcoming expirations to avoid missed renewals. For example, use your service desk tool to automatically create a ticket when a certificate is due for renewal. Or use Power Automate to add a work item to your DevOps board.
- Test Regularly: Regularly check your certificates’ status to ensure they are valid and correctly installed.
Educate your team and clients.
If you work with a team or manage websites for clients, it’s important to share these changes. Ensure everyone knows why this is happening and how it will affect the business.
- Hold a meeting to explain the changes and steps your team needs to take.
- Create clear guides for the new processes.
- Offer training on any new tools or software for managing certificates.
Consider multi-domain SSL certificates.
If you manage several domains, a multi-domain SSL certificate might be the right choice.
Multi-domain certificates are great for businesses managing multiple websites, allowing you to secure several domains (e.g., contoso.com, contoso.org) with one certificate, making management easier.
Stay informed about changes.
SSL and security standards evolve frequently. Stay informed about updates from SSL certificate providers, hosting companies, and browser developers like Google. This way, you can adapt promptly to any new requirements.
- Subscribe to newsletters from your SSL provider or hosting company.
- Follow industry blogs and news outlets. The tld;dr sec newsletter is a good place to start.
- Join online communities or forums focused on website security.
Ensuring a smooth transition
The move to 90-day SSL certificates is a major change, but it’s for the better. It improves website security and promotes better practices for managing SSL certificates.
By automating renewals, updating your processes, and staying informed, you’ll be ready when the change happens.
Start planning and testing your renewal process now to ensure a smooth transition without any issues. If you are looking for advice or support navigating the Google 90-day SSL change, don't hesitate to reach out to our team of experts. We're here to help you stay compliant and secure.
