Public TLS Certificate Management
Evertrust's Certificate Lifecycle Manager automates and governs frequent certificate and Domain Control Validation (DCV) renewal cycles across hybrid environments.
Mandated by ballot SC-081v3
Phased: 2026 → 2029
Phase 00 · Baseline
398
days validity
Until March 2026
Phase 01 · Active
200
days validity
Since 15 March 2026
Phase 02 · Next
100
days validity
15 March 2027
Phase 03 · Target
47
days validity
15 March 2029
DCV reuse periods follow the same curve, down to just 10 days by 2029, meaning domain control must be re-validated at almost every issuance.
Domain Control Validation
What is DCV and why is it important?
Domain Control Validation is how a Certificate Authority confirms that whoever requests a TLS certificate actually controls the domain it covers. It is a mandatory step in every public issuance and renewal, typically completing a challenge such as placing a specific DNS record.
TLS certificates protect customer-facing websites, internal services, APIs, VPNs, and cloud workloads. However, as environments diversify, use cases grow and teams decentralize, keeping track of thousands of certificates and renewing them on time becomes almost impossible with manual processes.
Validity is already down to 200 days and will keep falling. Shorter lifespans raise the operational tempo and the pace at which teams need to act.
As Domain Control Validation (DCV) reuse windows shrink toward 10 days, validation must happen far more often, not just once per year.
Validation workflows spread across multiple CA environments and create duplicate, inconsistent processes, with DNS proof records handled differently by each provider.
Introducing
One control plane for public certificate operations, built for 47-days certificates and 10-days DCV.
From DCV challenge retrieval to DNS proof record provisioning, certificate renewal, deployment, and auditability, Evertrust turns fragmented public certificate workflows into governed, automated operations.
Learn more about Evertrust CLMCentralize DCV challenge retrieval, validation tracking, and renewal workflows across multiple public Certificate Authorities without managing each CA process separately.
Automate DNS-based validation across heterogeneous DNS environments, reducing manual updates, copy-paste errors, ticket dependency, and renewal delays.
Trigger validation and renewal workflows ahead of expiration, so shorter certificate validity and reduced DCV reuse windows are managed proactively, not reactively.
Track certificate ownership, validation status, renewal activity, deployment progress, audit trails, and exceptions from one centralized operating layer.
Shorter lifespans don't just mean more work, they mean more work than any team can absorb by hand. Here is what changes, line by line, the day renewal and DCV stop being manual.
Zero
Expiry outages with proactive automated renewals.
Minutes
Elapsed time from renewal trigger to a deployed, valid certificate.
8 times
Workload increase is absorbed by the platform, not by your team.
European Digital Trust
Evertrust is the European reference in certificate lifecycle management and PKI. With deep expertise in cryptography, we help organizations meet the 47-days transition while keeping their digital trust infrastructure under European jurisdiction, a deliberate alternative to US-based platforms.
Evertrust is designed to fit the reality of enterprise environments, not force you into a single CA, a single DNS provider, or a single way of working.
5/5 average rating on Gartner Peer Insights
Company size
Industry
Solution
Role
Resources
Guides, articles and analysis to help you plan your move to 47-day TLS certificates and 10-day DCV.
A complete guide to the CA/Browser Forum timeline, what shorter lifespans change, and how to prepare your certificate operations.
Read BlogHow shorter validity reshapes build, deploy and renewal workflows, and where automation becomes non-negotiable.
Read BlogWhy free, short-lived certificates carry hidden operational costs at enterprise scale, and what to weigh before relying on them.
ReadFAQ
Everything you need to know about 47-day certificates, 10-day DCV, and how Evertrust automates it.
The CA/Browser Forum ballot SC-081v3 phases public TLS certificate validity down from 398 days to 200 days (since March 2026), then 100 days in 2027, and finally 47 days by March 2029. In parallel, DCV reuse windows shrink to just 10 days, meaning domain control must be re-validated at almost every renewal.
DCV is how a public Certificate Authority confirms you control the domain a certificate covers, typically by publishing a specific DNS record. As reuse windows drop toward 10 days, this check happens far more often, turning a once-a-year task into a near-continuous operation that is impossible to handle manually at scale.
No. Evertrust is CA-agnostic and DNS-agnostic. It orchestrates DCV and renewals across your existing public CAs (DigiCert, Sectigo, SwissSign, GlobalSign…) and DNS providers (Cloudflare, AWS, Infoblox, EfficientIP…) from a single control plane, with no rip-and-replace required.
Evertrust retrieves the DCV challenge from the CA, provisions the required DNS proof record automatically, validates domain control, renews and deploys the certificate, then cleans up, with full audit trails. The entire cycle runs in minutes, without tickets, copy-paste, or manual DNS edits.
The volume of renewals and validations rises roughly 8× as validity drops to 47 days. With Evertrust, that increase is absorbed by the platform, not your team: proactive automated renewals prevent expiry outages and keep operations zero-touch.
Yes. Evertrust is the European reference in certificate lifecycle management and PKI, keeping your digital trust infrastructure under European jurisdiction: a deliberate, sovereign alternative to US-based platforms.