Solutions · 47-Day Readiness

Prepare for the 47-day TLS era.

By Updated

TLS certificate lifetimes are dropping toward 47 days — roughly 8× more renewals on the same team. MachineCert turns that surge into a non-event with continuous discovery and full automation.

Run a readiness scan Book a demo
8× renewal volumeForecast & planFully automated
Max TLS validity over time
398d
today
200d
Mar 2026
100d
Mar 2027
47d
Mar 2029
Who this is for
Teams preparing for shorter cert lifetimes
For teams preparing for shorter certificate lifetimes and increasing renewal volume.
Why lifetimes are shrinking

The renewal cadence
is about to spike.

Shorter certificate lifetimes improve security — but only teams that automate will absorb the operational impact without new headcount.

Lifetimes are shrinking

Browser and CA programs are driving max validity from 398 to 47 days.

8× renewal pressure

Every certificate now renews far more often — the workload multiplies.

Manual processes break

Spreadsheets and scripts that barely cope today simply won’t survive it.

No slack for error

Shorter windows mean a missed renewal turns into an outage faster.

Readiness in four steps

Assess, forecast,
automate, operate.

1
Assess

Scan to size your footprint and current renewal load.

2
Forecast

Model renewal volume under 47-day lifetimes.

3
Automate

Turn on hands-off renewal across every source.

4
Operate

Run continuously with alerts only on exceptions.

Renewal forecasting

See the cliff before
you hit it.

MachineCert plots every certificate by expiry week, so you can see exactly when renewal pressure spikes — and confirm automation has it covered, weeks ahead.

  • Expiry heatmap by week
  • Renewal capacity planning
  • Per-team readiness scoring
  • Executive readiness report
renewal forecast · next 12 weeks96% automated
Readiness checklist

What 47-day ready
looks like.

Complete inventory

Every cert discovered — public, cloud, and internal.

Continuous monitoring

Expiry and risk tracked in real time, not quarterly.

Renewal forecast

Volume modeled and capacity confirmed.

Automated renewal

Hands-off renewal live across every source.

Readiness score

A measurable score per team and overall.

Exception handling

Clear ownership and escalation for edge cases.

Readiness score

Measure readiness
before the deadline.

Know exactly where renewal volume, ownership gaps, and manual processes create risk.

readiness · 47-day posture · acme-corprefreshed daily
Inventory coverage92%
Ownership coverage85%
Automation coverage43%
Renewal readiness51%
Overall readiness
68/ 100
Tracking · room to improve
FAQ

47-day readiness,
answered.

The CA/Browser Forum has set a path to reduce maximum TLS certificate validity to 47 days by 2029, down from 398 days today, with intermediate steps along the way. Shorter lifetimes reduce the risk window from compromised or mis-issued certificates.
Shorter lifetimes limit how long a compromised, mis-issued, or outdated certificate can be abused, and they push the ecosystem toward automation — improving overall web security.
Going from ~398 days to 47 days means certificates renew roughly 8 times as often. For an organization with thousands or millions of certificates, that’s an enormous increase in renewal operations.
The reduction is phased: validity steps down over several years toward 47 days in 2029. Teams that prepare now avoid a last-minute scramble.
Three things: complete, continuous discovery so nothing is missed; real-time monitoring of expiry and risk; and fully automated renewal so the increased cadence doesn’t require more people.
Realistically, no. Spreadsheets, calendar reminders, and one-off scripts already struggle today; at 8× the volume they break. Automation becomes mandatory.
MachineCert provides the full stack: continuous discovery, a unified inventory, renewal forecasting, and automated, zero-downtime renewal — plus a readiness score so you can track progress.
Yes. MachineCert plots certificates by expiry week and models the renewal volume under shorter lifetimes, so you can plan capacity and confirm automation coverage in advance.
Explore more

Related resources

Renewal automationAbsorb 8× the renewals automatically.Certificate discoveryFind every cert before you automate.Prevent certificate outagesStop short windows causing incidents.Certificate lifecycle managementThe lifecycle, explained.For platform engineersMake TLS a non-event.MethodologyOur approach to machine trust.
Get started

Run a 47-day readiness assessment.

Scan your domain to size your footprint, forecast renewal load, and see exactly where you stand.

Book a demo
See your readiness score in minutes.