SSL certificate changes are coming, and they will affect every UK business that runs a website. Let’s Encrypt now issues SSL certificates that last 90 days, and it has confirmed a move to 45-day certificates by 2028. Other certificate authorities are following the same path.
For most small businesses, the SSL certificate changes should not create extra admin work. You should not log in every few weeks, download files, or chase renewals by hand. Your hosting provider should run reliable SSL automation, monitor renewal jobs, and step in fast if anything fails.
This guide explains the SSL certificate changes ahead, the reasons behind shorter lifetimes, and the practical checks UK website owners should run on their hosting setup now.
What’s in This Post
- What is changing with SSL certificates
- Why SSL certificate lifetimes are getting shorter
- What SSL does for your website
- What can go wrong when renewal fails
- Why SSL certificate changes are a hosting responsibility
- What UK website owners should check now
- Manual renewal vs automated SSL
- Questions to ask your hosting provider
- How Webfort handles SSL
- Final thoughts
What is changing with SSL certificates?
Let’s Encrypt has announced a shorter validity window for the certificates it issues. The current lifetime sits at 90 days. The next step drops that window to 45 days by 2028.
The SSL certificate changes go wider than Let’s Encrypt. Certificate authorities and browser vendors have pushed lifetimes down for years. Apple proposed a 47-day maximum at the CA/Browser Forum in 2025, and the wider industry is moving the same way. Shorter lifetimes shrink the window of risk if a certificate or its private key gets misused.
Let’s Encrypt sets out the timeline in its announcement, Decreasing Certificate Lifetimes to 45 Days. The takeaway for website owners stays simple: SSL renewal automation matters more when certificates expire faster.
Why are SSL certificate lifetimes getting shorter?
An SSL certificate proves your website can serve encrypted traffic for a specific domain. A long-lived certificate also means a long-lived problem if it falls into the wrong hands. Shorter certificates limit that exposure.
Shorter SSL certificate lifetimes help in three practical ways. They restrict the damage from leaked or stolen keys. They force hosting platforms to refresh certificates often, which reveals broken automation early. They push providers toward proper renewal pipelines rather than one-off manual fixes.
Manual SSL management made sense when renewals happened once a year. It fits poorly when a website might renew every few weeks. Modern hosting should handle SSL in the background, with the same care as backups, software updates, and uptime monitoring.
What SSL does for your website
SSL encrypts traffic between your visitor’s browser and your website. It protects login details, contact form submissions, checkout data, and account information from travelling across the internet in plain text.
Browsers treat SSL as a trust signal. If your certificate expires, Chrome, Edge, Safari, and Firefox show a full-page warning before someone reaches your site. The warning looks alarming because it is. Most customers will leave rather than click past a browser security warning.
SSL also supports search visibility and customer confidence. Google has used HTTPS as a ranking signal for years, and UK buyers expect the padlock as standard. If you are weighing up hosting providers, treat SSL alongside uptime, support, backups, and migration help. Our guide on things to check before choosing a web host covers those basics in detail.
What can go wrong when SSL renewal fails?
The first visible sign of a failed SSL renewal is a browser warning. Visitors see a message saying the connection is not private, the certificate has expired, or the site is unsafe to visit.
That warning stops enquiries, sales, bookings, and logins. It also makes a legitimate UK business look neglected. If your website handles leads or online payments, even a short SSL outage can cost real money.
Renewal can fail for several reasons. DNS may point to the wrong server. A firewall may block validation. The site may have moved hosts without the certificate automation being rebuilt. A control panel renewal job may fail without alerting anyone. Our AutoSSL troubleshooting guide covers the cPanel-specific symptoms, but the lesson holds for any platform: renewal needs monitoring, not hope.
Why SSL certificate changes sit with your host
A business owner should grasp SSL at a high level. A business owner should not have to renew certificates by hand. Your host controls the server, the web service, DNS integration, renewal tooling, log files, and the support process. That places most of the responsibility on the hosting platform.
A capable host should include SSL at no extra cost, renew it without manual tickets, monitor failed jobs, and fix platform-side problems before visitors see warnings. If the answer is “try renewing it yourself”, the setup is too fragile for a business website.
Hosting goes beyond disk space and bandwidth. The control panel, automation layer, backup system, isolation model, and support team all shape reliability. We wrote about isolated web hosting containers because proper separation and automation make everyday hosting problems easier to contain.
What UK website owners should check now
You can act before 45-day certificates land. Run these checks today and avoid surprises later.
- Confirm your site serves HTTPS. Visit your homepage and look for the padlock in the address bar.
- View the certificate details. Most browsers show the expiry date when you click the padlock or open site settings.
- Ask how your host renews SSL. The answer should describe automation, not a support ticket queue.
- Confirm DNS points to the right platform. Wrong DNS records often break certificate validation without warning.
- Track domain renewal on its own. An active domain and a valid SSL certificate are linked but not the same.
- Keep an emergency checklist. If your site shows a warning, run through our small business website down guide to triage the issue.
If you pay for budget hosting, treat this area with extra care. A low monthly price loses its appeal the first time support ignores a certificate renewal failure. Our post on cheap UK web hosting for small businesses sets out the trade-offs to watch for.
Manual renewal vs automated SSL
Manual SSL renewal puts a person in charge of requesting, validating, installing, and testing each certificate. Every step creates a failure point. The owner can forget. The reminder email can land in an old inbox. The validation method can break after a DNS change. The certificate can install on the wrong service.
Automated SSL removes most of that work. The platform requests the certificate, proves control of the domain, installs the new file, reloads the web service, and repeats the process before expiry. A capable system also logs errors so support can investigate before customers notice.
| Area | Manual SSL renewal | Automated SSL renewal |
|---|---|---|
| Owner workload | High, especially across several sites | Low when the platform behaves |
| Risk of missed renewal | Higher | Lower |
| Best fit | Specialist setups with technical staff | Small business sites, WordPress, reseller hosting |
| Support pattern | Reactive after something breaks | Monitoring and maintenance before expiry |
The shorter the certificate lifetime, the stronger the case for automation. A 45-day certificate leaves little room for slow support, vague ownership, or manual admin.
Questions to ask your hosting provider
If your website earns leads, bookings, or sales, talk to your host about SSL renewal before the next industry shift lands. You do not need a deep technical answer, but you should feel confident that someone has designed the process properly.
Ask whether SSL is included as standard, whether renewal runs without raising a ticket, whether failed renewals trigger alerts, and whether support can inspect DNS, the web server, and certificate validation from one place. If you manage several websites, check that the same renewal process covers every site in the account.
The strongest answer sounds practical, not vague. Your host should explain what happens before expiry, what can block renewal, and who fixes it when something fails.
How Webfort handles SSL
Webfort hosting includes SSL as a standard part of every plan. We do not expect a small business to buy a certificate, upload key files, or remember renewal dates for a normal brochure or shop website.
The platform runs sensible automation, site-level boundaries, and a UK support team that understands the hosting stack. If a certificate issue appears, we can check the domain, DNS, web service, and control panel side from one console instead of sending customers in circles.
This approach fits the way we use Enhance for modern hosting management. To see the platform behind it, read our guide to the Enhance Control Panel for small businesses.
Final thoughts on SSL certificate changes
Shorter SSL certificate lifetimes should improve security across the web. For website owners, the SSL certificate changes should feel boring if your hosting platform does its job. Your certificate renews, your visitors see HTTPS, and your business carries on.
The risk lands on weak hosting setups that lean on manual fixes, patchy monitoring, or unclear support. As certificate lifetimes shrink, those weak points will surface more often.
If you are unsure whether your website has reliable SSL renewal, check the certificate expiry date today. If you would rather have someone else check it properly, Webfort can review your website, hosting, SSL, and basic security setup.