Domain Control Validation (DCV) Reuse Periods

The CA/Browser Forum has approved a phased reduction in how long Domain Control Validation (DCV) can be reused before it must be completed again. Previously, Domain Control Validation (DCV) could be reused for up to 398 days. As of March 2026, the maximum reuse period has reduced to 200 days.

This means that every time you reissue an SSL Certificate, your existing Domain Control Validation (DCV) must still be within its reuse window. If your Domain Control Validation (DCV) has expired, you will need to complete the validation process again before your SSL Certificate can be issued or reissued.

This change applies to all Domain Control Validation (DCV) methods equally, including approver e-mail, Domain Name System (DNS) validation, and file-based authentication. It does not matter which method you originally used to validate your domain. If the reuse period has expired, you will need to complete Domain Control Validation (DCV) again using any supported method. Learn About File-Based Authentication 🔗

Any existing Domain Control Validation (DCV) record that is older than 198 days is no longer eligible for SSL Certificate issuance or reissue as of March 12, 2026. This applies even if your original 398-day reuse window has not yet expired. Customers who completed Domain Control Validation (DCV) before September 2025 should expect to revalidate when they next reissue.

Future Reductions to Domain Control Validation (DCV) Reuse

The reduction to 200 days is the first phase. Further reductions are scheduled in the years ahead. From March 15, 2027, the Domain Control Validation (DCV) reuse period will reduce to 100 days. From March 15, 2029, it will reduce to just 10 days.

As these reuse periods shorten, completing Domain Control Validation (DCV) will become a more frequent part of managing your SSL Certificates. At 10 days, manual Domain Control Validation (DCV) for every reissue cycle becomes a significant operational burden, particularly for organizations managing multiple domains or subdomains. Learn About The Trustico® Validation Procedure 🔗

How Certificate as a Service (CaaS) Handles Domain Control Validation (DCV) Automatically

Trustico® Certificate as a Service (CaaS) eliminates the need to manage Domain Control Validation (DCV) reuse periods manually. When your Automatic Certificate Management Environment (ACME) client initiates a reissue, it automatically completes Domain Control Validation (DCV) as part of the process, using the Domain Name System (DNS) or HTTP challenge method configured during your initial setup.

This means that regardless of whether the Domain Control Validation (DCV) reuse period is 200 days, 100 days, or 10 days, your server handles the validation automatically every time a new SSL Certificate is requested. There is no need to monitor reuse windows, and there is no risk of a reissue failing because your previous Domain Control Validation (DCV) has expired. Explore Automated SSL Certificate Management with Certificate as a Service (CaaS) 🔗

Trustico® is also developing additional tools including Application Programming Interface (API) access and expiry notification services to help customers and partners who manage SSL Certificates manually stay ahead of these changes.