Understand DigiCert annual plans
Annual plans
As of February 24, 2026, DigiCert TLS/SSL certificate plans are one year by default. Learn more about DigiCert annual plans.
A DigiCert® annual plan provides one year of TLS/SSL certificate coverage for a single price. Annual plans apply to Enterprise, Partner, and Legacy accounts. Subscription accounts use a different coverage model. See Understand your account type and coverage model.
How annual plans work
When you order a public TLS/SSL certificate on an annual plan:
DigiCert issues the first certificate with a maximum validity of 199 days.
When the first certificate approaches expiration, reissue the certificate to get a new one. The second certificate validity aligns with the remaining time on the annual plan.
When the second certificate approaches expiration, renew the certificate and the annual plan together.
Reissuing a certificate does not update the expiring certificate on your website automatically. You must replace the expiring certificate with the reissued certificate on your server.
What you can do on an annual plan
Reissue the certificate at any time during the plan at no extra cost
Renew the annual plan up to 90 days before it expires
Add domains to the plan. Additional domain costs are prorated based on the remaining time on the plan
Remove or change domains. DigiCert revokes all previously issued certificates within 48 to 72 hours
Notice
Removing or changing domains on an annual plan requires DigiCert to revoke all previously issued certificates on the order including reissues and duplicates. Replace affected certificates within 48 to 72 hours of the reissue.
Annual plan validity timeline
The CA/Browser Forum has set a schedule for further reducing maximum TLS certificate validity:
Timeline | Maximum certificate validity |
|---|---|
As of March 15, 2026 | 199 days |
As of March 15, 2027 | 99 days |
As of March 15, 2029 | 46 days |
What's next
Understand Multi-year Plans to review the coverage model for 2 and 3-year certificate plans