With the certificate lifetime reducing to 47 days in March 2029, it's now more important than ever to leverage automation to manage your certificates.
The schedule of lifetime changes is:
- Until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.
- From March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
- From March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
- From March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.
Of the automation options offered by Sectigo, we currently support the following:
- Sectigo Network Agent - A centralized certificate lifecycle management agent
- ACME Certbot - Client-side automation
If your web server configuration supports both the Sectigo Network Agent and ACME Certbot, here are some things to consider:
Choose the Sectigo Network Agent if:
Choose ACME Certbot if:
- You accept decentralized certificate ownership in exchange for speed and flexibility
- You want lightweight automation using standard OS scheduling mechanisms
- You want highly scriptable, DevOps‑friendly automation for web‑facing TLS certificates
- Review Certbot installation instructions and requirements
In a nutshell:
With the Sectigo Network Agent, a network agent is deployed to each managed web server / appliance to enable centralized discovery, issuance, and lifecycle management.
With ACME Certbot, once keys are provisioned, certificates are requested and managed locally, allowing teams to programmatically issue certificates for approved domains (e.g., example1.domain.uic.edu, example2.domain.uic.edu) without involving central IT.