DigiCert annual plans
Notice
Important: As of February 24, 2026, DigiCert TLS certificate orders will be 1-year by default. Contact your account manager or DigiCert Support if interested in using 2- and 3-year plans.
This change just affects TLS certificate products.
DigiCert® annual plans allow you to pay a single price for one year of TLS/SSL certificate coverage.
With an annual plan, all you need to do is select the DigiCert TLS certificate you want to use to protect your domain. The order includes the 1-year plan and, by default, a 199-day TLS certificate. When your 199-day TLS certificate nears its expiration date, you reissue it to get a new one. The expiration date of the second certificate now aligns with the expiration date of the annual plan. When your second certificate nears its expiration date, you renew the certificate and the order together.
Items covered in this article
When to reissue an expiring certificate on an annual plan
When the active certificate for your annual plan is about to expire, you reissue and install the certificate to maintain your TLS certificate coverage. Reissuing a certificate doesn’t update the expiring certificate on your website. You must replace the expiring certificate with the reissued certificate.
For example, you order a Basic OV TLS certificate. You get an annual plan,, and it uses the default certificate validity of 199 days, the maximum allowed by the industry. In Table 1, see what happens to your certificate validity and plan validity when reissuing an expiring certificate 90 to 0 days before it expires.
Plan validity | Certificate validity | When the certificate is reissued | Reissued certificate validity | Days remaining on plan |
|---|---|---|---|---|
365 days | 199 days | 90 days before the certificate expires | 199 days | 58 days1 |
365 days | 199 days | 60 days before the certificate expires | 199 days | 28 days1 |
365 days | 199 days | 32 days before the certificate expires2 | 199 days | 0 days |
365 days | 199 days | 30 days before the certificate expires | 197 days | 0 days |
365 days | 199 days | 7 days before the certificate expires | 173 days | 0 days |
365 days | 199 days | Same day the certificate expires | 166 days | 0 days |
1If reissuing your expiring TLS certificate at 90 and 60 days before it expires, you’ll have a choice to make the next time your TLS certificate nears its expiration date:
2To avoid getting a second certificate with a validity of less than 199 days, DigiCert recommends reissuing your 199-day certificate at least 32 days before it expires. When your reissued TLS certificate is set to expire in 199 days, you can renew your certificate and order. | ||||
Options available when reissuing a certificate on an annual plan
When reissuing certificates for your annual plan, you can do the following:
Set a new expiration date for the reissued certificate.
When you reissue a certificate, you can set the maximum certificate validity to 199 days, or the end of the order validity, whichever is sooner.
Change or remove domains.
Removing and changing domains requires DigiCert to revoke all previously issued certificates. DigiCert waits 48–72 hours before revoking the original certificate and any existing duplicates and reissues.
Add domains.
Adding domains may result in extra costs. Prices for new domains are prorated and applied based on the remaining time on the annual plan.
Annual plan limits
CertCentral Services API integrations: Your API integrations will continue to work the way they did before this change in CertCentral.
CertCentral Subscription accounts and Enterprise accounts with subscription contracts don’t use annual plans.
CertCentral Subscriptions
With Subscriptions, you don't pay for a TLS certificate annual plan. You pay for 12 months of domain protection based on the type of certificate you want to use to protect it.
For example, you can get a 199-day certificate. Then, you renew it before it expires. With a subscription, you can issue as many certificates for your protected domains as you need, at no extra cost. When your subscription renews at the end of 12 months, your domain protection is renewed at the full 12-month price. Learn what happens to your existing annual plans and Multi-year Plans when switching to CertCentral Subscriptions.
Enterprise subscription contracts.
With subscription contracts, your billing is based on the peak usage of certificates over one year.
Switch to a CertCentral Subscription account
CertCentral Subscriptions don’t offer Annual plans or Multi-year Plans. Instead of buying an annual plan or Multi-year Plan, you pay yearly for the assets you want to protect with your digital certificates. To learn more about the new subscription model, go to CertCentral subscriptions.
Reissuing expiring annual plan and MyP certificates
After converting your account to the new subscription model, you can still access your Multi-year Plans from the Legacy Orders page and reissue certificates.
In CertCentral, in the left menu, go to My Digital Trust Products > Legacy Orders.
On the Legacy Orders page, select the order number for the annual plan or MyP certificate you need to reissue.
No need to extend your annual plan or Multi-year Plan
With CertCentral Subscriptions, instead of extending your annual plan or Multi-year Plan, you renew your certificate. With the subscription payment model, you pay yearly for the assets you want to protect with your digital certificates, such as a website domain (TLS).