As of February 18, 2026, AWS Certificate Manager (ACM) has updated its default certificate validity period to comply with new guidelines established by the Certification Authority Browser (CA/Browser) Forum. The new maximum validity for public certificates issued by ACM will now be 198 days, down from 395 days. This article delves into everything you need to know about these changes, their implications for your operations, and actionable insights on managing certificates effectively with AWS Certificate Manager.
In this guide, you will learn about the updates, their significance, and the steps you can take to adapt to the new reality of shorter certificate lifetimes. This comprehensive resource is designed for all users, from beginners looking to understand the basics of ACM to seasoned developers who need detailed insights into the technical implications of these changes.
Table of Contents
- What is AWS Certificate Manager?
- Why the Change in Validity Period?
- How the Changes Affect You
- Managing Your Certificates in ACM
- Renewal Process
- Cost Implications
- Best Practices for Using ACM
- FAQs about ACM’s Update
- Conclusion
What is AWS Certificate Manager?
AWS Certificate Manager is a service that simplifies the process of provisioning, managing, and deploying SSL/TLS certificates for use with AWS services. It helps ensure secure communication between clients and servers, protecting sensitive information as it travels across the internet.
ACM eliminates the complexity of manual certificate management, providing features like:
- Automatic Renewal: ACM issues certificates that automatically renew before they expire.
- Integration with AWS Services: Seamless use with other AWS services like Elastic Load Balancing, Amazon CloudFront, and more.
- No Extra Charge: There’s no additional cost for ACM certificates when used within AWS regions.
For a detailed overview of AWS Certificate Manager, consider visiting the ACM documentation.
Why the Change in Validity Period?
Starting from March 15, 2026, the CA/Browser Forum requires that publicly trusted certificates have a maximum validity period of 200 days. The intent behind this change is to bolster security practices across the web, reducing the risks associated with certificate misuse.
Key Reasons for the Change:
- Enhanced Security: Shortening the validity period reduces risks from compromised certificates.
- Quicker Adaptation to Security Issues: Organizations can adopt newer security practices and technologies more rapidly.
- Improved Management: Prevents complacency by forcing more frequent validation of important security infrastructure.
The implications of this can lead businesses to rethink their certificate management strategies.
How the Changes Affect You
This update means that as of February 18, 2026, all new and renewed public certificates issued from ACM default to a validity of 198 days. Here’s how this change can affect your operations:
Existing Certificates
- Transition: Existing certificates with a validity of 395 days will remain valid until their renewal or expiration. During renewal, they will adjust to the new validity period automatically.
Automatic Renewals
- ACM will continue to automatically renew certificates. With the update, certificates will now renew 45 days before their expiry.
- Existing certificates with a 395-day validity will renew 60 days prior to their expiry but will also update to the new 198-day format.
Pricing Adjustments
As part of the update, ACM has also revised the pricing for exportable public certificates:
- Exportable Certificates: The new cost for a 198-day exportable public certificate is $7 per Fully Qualified Domain Name (down from $15). For wildcards, the price is now $79 (decreased from $149).
This price reduction could significantly impact businesses with numerous domain certificates.
Managing Your Certificates in ACM
Renewal Process
With the automatic renewal feature, managing your certificates becomes easier, but it’s crucial to keep track of when certificates will be renewed. Here’s how to understand the revised renewal process:
- Automatic Reminders: ACM sends notifications as the expiration date approaches. Make sure you check your AWS Management Console for updates and manage notifications effectively.
- Manual Checks: Periodically verify the status of your certificates in the ACM console to ensure they are up to date.
- Avoid Downtime: Early renewals prevent downtime due to expired certificates, maintaining the security of your sites and applications.
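The manual check described above can be scripted. The following is an added example, not code from AWS or from the original article: it works on records shaped like the ACM `DescribeCertificate` response (fields `DomainName`, `NotBefore`, `NotAfter`, `Type`, `RenewalEligibility`) and applies the 45- and 60-day renewal lead times quoted in this article. The sample records are constructed, and the status labels are names chosen for this example.

```python
from datetime import datetime, timedelta, timezone

# Figures from this article: certificates issued under the old 395-day default
# renew 60 days before expiry, 198-day certificates 45 days before.
NEW_VALIDITY_DAYS = 198
RENEW_LEAD_DAYS = {"legacy": 60, "short": 45}

def audit_certificate(cert, now):
    """Classify one record shaped like ACM DescribeCertificate output."""
    validity = (cert["NotAfter"] - cert["NotBefore"]).days
    kind = "short" if validity <= NEW_VALIDITY_DAYS else "legacy"
    renew_from = cert["NotAfter"] - timedelta(days=RENEW_LEAD_DAYS[kind])
    if cert["Type"] == "IMPORTED":
        status = "imported"       # ACM does not renew imported certificates
    elif cert["Type"] != "AMAZON_ISSUED":
        status = "out_of_scope"   # the article covers public certificates only
    elif cert.get("RenewalEligibility") != "ELIGIBLE":
        status = "ineligible"     # not eligible for managed renewal
    elif now >= renew_from:
        status = "renewal_due"    # window is open, old dates still in place
    else:
        status = "ok"
    return {"domain": cert["DomainName"], "validity_days": validity,
            "kind": kind, "renew_from": renew_from, "status": status,
            "days_left": (cert["NotAfter"] - now).days}

def audit(certs, now):
    """Audit all records, most urgent (fewest days left) first."""
    return sorted((audit_certificate(c, now) for c in certs),
                  key=lambda f: f["days_left"])

def _cert(domain, ymd, days, ctype="AMAZON_ISSUED", eligible="ELIGIBLE"):
    # Constructed sample record; only the fields the audit reads are present.
    issued = datetime(*ymd, tzinfo=timezone.utc)
    return {"DomainName": domain, "NotBefore": issued,
            "NotAfter": issued + timedelta(days=days),
            "Type": ctype, "RenewalEligibility": eligible}

SAMPLE = [  # constructed data, not real certificates
    _cert("legacy.example.com", (2025, 6, 1), 395),
    _cert("short.example.com", (2026, 3, 1), 198),
    _cert("idle.example.com", (2026, 3, 1), 198, eligible="INELIGIBLE"),
    _cert("byo.example.com", (2026, 1, 1), 365, "IMPORTED", "INELIGIBLE"),
]

if __name__ == "__main__":
    for f in audit(SAMPLE, datetime(2026, 5, 10, tzinfo=timezone.utc)):
        print(f"{f['domain']:<20} {f['kind']:<6} {f['status']:<12} "
              f"{f['days_left']:>3}d left, renews from {f['renew_from']:%Y-%m-%d}")
```

A `renewal_due` result means the renewal window has opened but the certificate still carries its old dates, which is the case worth checking by hand in the console.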
Cost Implications
Understanding the financial impact of the new pricing structure can aid in budgeting and minimizing costs around certificate management. As mentioned earlier, costs have been reduced, so updating your financial forecasts to include the new prices is advisable.
Furthermore, keeping fewer certificates (due to the shorter validity) means you may spend less overall while actively managing your security protocols.
Best Practices for Using ACM
To fully leverage the AWS Certificate Manager while adhering to the new guidelines, consider implementing the following best practices:
- Adopt an Automated Workflow: Use ACM’s automated features to ensure you never have expired certificates in your infrastructure.
- Monitor Traffic and Traffic Patterns: Use analytics to understand how your certificates are being accessed. This can help gauge when it’s time to consider purchasing additional certificates.
- Stay Informed: Regularly consult AWS blogs and updates to stay informed on security updates and practices, as well as any further changes to ACM.
- Educate Your Team: Ensure your technical team is educated about the new compliance and expiry terms. They should also be trained in optimizing the utilization of ACM services.
FAQs about ACM’s Update
How Does the 198-Day Validity Affect Renewals?
- All new and renewed certificates will have the reduced validity. Existing certificates will continue until their scheduled renewal, transitioning to the 198-day format.
Do I Need to Take Action?
- No immediate action is required. ACM will handle the transitioning and renewal process automatically.
Will My Existing AWS Certificate Costs Change?
- Yes, exportable public certificate costs have been reduced according to the new validity period.
Are the Security Benefits of Shorter Certificates Proven?
- Yes, research indicates that shorter life spans for certificates can lead to improved web security, as they are tied closely to rapid responses to vulnerabilities.
Conclusion
The update in AWS Certificate Manager, which reduces the default public certificate validity to 198 days, compels organizations to reconsider their certificate management strategies. This change promotes enhanced security practices and aligns with industry standards. Understanding the implications, effectively managing renewals, and adopting best practices will empower businesses to leverage ACM effectively.
As the landscape of digital security continues to evolve, staying ahead of changes and employing effective management strategies will ensure that your operations remain secure and efficient.
For further information on how to navigate these changes effectively, visit the AWS documentation and check out our various resources about certificate management and web security practices.
In conclusion, AWS Certificate Manager’s new updates on certificate validity represent an essential shift in improving online security practices, ensuring that compliance with current standards does not compromise operational efficiency.
Remember, staying informed and proactive about updates in technology like AWS Certificate Manager is key to maintaining robust security protocols in your infrastructure and providing a seamless experience for your users.