Domain Control Validation (DCV) Reuse Periods

The CA/Browser Forum has approved a phased reduction in how long Domain Control Validation (DCV) can be reused before it must be completed again. Previously, the reuse window was up to 398 days. From March 15, 2026, the maximum reuse period has reduced to 200 days under the new rules.

Every time you reissue an SSL Certificate, your existing validation record must still be within its reuse window. If it has expired, the validation process needs to be completed again before your SSL Certificate can be issued or reissued.

This change applies to all methods of Domain Control Validation (DCV) equally, including approver e-mail, Domain Name System (DNS) validation, and file-based authentication. It does not matter which method you originally used to validate your domain. If the reuse period has expired, validation must be completed again using any supported method. Learn About The Trustico® Validation Procedure 🔗

Any existing record older than 198 days is no longer eligible for SSL Certificate issuance or reissue as of March 12, 2026. This applies even if your original 398 day reuse window has not yet expired. Customers who completed Domain Control Validation (DCV) before September 2025 should expect to revalidate when they next reissue.

Organization Validated and Extended Validation SSL Certificates

Customers holding Organization Validated (OV) or Extended Validation (EV) SSL Certificates often ask whether the March 12, 2026 changes affect organization validation in addition to domain validation. The requirements for organization validation are not changing in this rollout, and the existing reuse window for organization details remains in place.

Organization Validated (OV) SSL Certificates remain subject to Domain Control Validation (DCV) in exactly the same way as Domain Validated (DV) SSL Certificates. The reduced 198 day reuse window applies to your domain validation record regardless of how recently organization details were verified. Reissuing an Organization Validated SSL Certificate after the domain record has expired will require revalidation of the domain. Learn About Organization Validation Procedures 🔗

The same applies to Extended Validation (EV) SSL Certificates. Domain validation must remain current at reissue time, and organization details are validated separately under existing rules that are not changing in this rollout. Customers with Extended Validation SSL Certificates do not need to take any additional action beyond what is required for Domain Validated customers. Learn About Extended Validation Procedures 🔗

Future Reductions to the Reuse Period

The reduction to 200 days is the first phase. Further reductions are scheduled in the years ahead. From March 15, 2027, the reuse period for Domain Control Validation (DCV) will reduce to 100 days. From March 15, 2029, it will reduce to just 10 days.

As these reuse periods shorten, completing validation will become a more frequent part of managing your SSL Certificates. At 10 days, manual validation for every reissue cycle becomes a significant operational burden, particularly for organizations managing multiple domains or subdomains. Learn About Managing Short SSL Certificate Validity 🔗

Automatic Validation Through Certificate as a Service

Trustico® Certificate as a Service (CaaS) eliminates the need to manage reuse periods manually. When your Automatic Certificate Management Environment (ACME) client initiates a reissue, it automatically completes Domain Control Validation (DCV) as part of the process, using either the Domain Name System (DNS) or Hypertext Transfer Protocol (HTTP) challenge method configured during your initial setup.

This means that regardless of whether the reuse period is 200 days, 100 days, or 10 days, your server handles validation automatically every time a new SSL Certificate is requested. There is no need to monitor reuse windows, and there is no risk of a reissue failing because your previous validation has expired. Explore Certificate as a Service (CaaS) 🔗

Trustico® is also developing additional tools including Application Programming Interface (API) access and expiry notification services to help customers and partners who manage SSL Certificates manually stay ahead of these changes.