The CA/Browser Forum has approved a plan to reduce SSL/TLS certificate lifetimes over the next few years. Here’s the timeline and what organizations should expect.

Last updated: March 2026

The rules for SSL certificate lifetimes are changing again.

The CA/Browser Forum — the industry body that sets the policies for publicly trusted TLS certificates — has approved a plan to gradually shorten SSL certificate validity periods, eventually reducing them to just 47 days.

That’s a significant shift from the current ecosystem, where certificates are typically issued for about a year.

Fortunately, the transition is happening in phases, giving organizations time to adapt before the shortest certificate lifetimes take effect.

TL;DR

• SSL certificate lifetimes are being reduced over the next several years

• The current 398-day maximum lifetime will drop to 200 days in 2026, 100 days in 2027, and 47 days in 2029

• Certificates will need to be renewed much more frequently

• Automated certificate management will increasingly replace manual renewal processes

By 2029, publicly trusted SSL/TLS certificates will have a maximum lifetime of just 47 days — down from today’s 398-day limit.

The New SSL Certificate Lifetime Timeline

For the past several years, publicly trusted TLS certificates could be issued for a maximum of 398 days.

Under the new rules, that maximum validity period will shrink in stages:

Some certificate authorities have already begun adjusting issuance policies to align with the upcoming limits.

Why Certificate Lifetimes Are Being Reduced

Shorter certificate lifetimes are primarily about reducing risk and improving the security of the web PKI ecosystem.

Reduced exposure if a key is compromised

If a certificate’s private key is compromised, shorter validity periods limit how long it can be abused.

Faster response to cryptographic changes

If vulnerabilities or policy changes occur, shorter certificate lifetimes allow the ecosystem to respond and update much faster.

Encouraging automated certificate management

The industry has been steadily moving toward automated certificate issuance and renewal. Shorter certificate lifetimes reinforce that trend.

Manual certificate renewal workflows simply don’t scale when certificates expire every few weeks.

What This Means in Practice

The most immediate impact is simple: certificates will need to be renewed far more frequently.

Instead of renewing certificates roughly once per year, organizations will eventually move toward renewal cycles happening several times per year — and ultimately roughly every six to seven weeks.

This also means that workflows relying on manual certificate installation and renewal reminders will become increasingly difficult to maintain.

Multi-year SSL subscriptions will still exist, but instead of receiving a single long-lived certificate, organizations will receive a sequence of shorter-lived certificates issued throughout the duration of the subscription.

How easyDNS Customers Can Prepare

There’s no immediate action required, but this is a good time to review how certificates are currently managed within your infrastructure.

In particular:

• Identify where certificates are deployed across your systems

• Confirm whether certificate renewals are automated

• Check whether any services still rely on manual renewal processes

As certificate lifetimes shrink, automation will increasingly become the practical way to manage TLS certificates.

easyDNS offers a full range of SSL certificates along with highly reliable DNS hosting, helping organizations manage domains and certificate validation as part of a modern TLS deployment.

The Bottom Line

The move toward 47-day SSL certificates represents one of the biggest operational shifts in web PKI in years.

The goal is straightforward: reduce risk across the ecosystem while encouraging modern certificate management practices.

The transition will take place gradually over the next several years, giving organizations time to adapt their certificate management workflows before the shortest lifetimes arrive.

We will be performing scheduled updates on a number of our cPanel servers over the coming days.

As part of this work, the database service will be restarted on each server. During the restart, there will be a brief service interruption affecting database-driven websites and applications.

Maintenance Window:
Monday–Friday, somewhere between 3:00am–5:00am EST
We will complete 1–2 servers per day during this window.

We will update the list below daily and mark each server as COMPLETED once maintenance has been finished.

Server Maintenance Status

• cpanel1.easyweb.com
• cpanel2.easyweb.com
• cpanel3.easyweb.com
• cpanel4.easypress.ca
• cpanel5.easypress.ca
• cpanel6.easypress.ca
• cpanel7.easyweb.com
• cpanel8.easyweb.com
• cpanel9.easyweb.com
• cpanel10.easyweb.com
• cpanel11.easyweb.com
• cpanel12.easyweb.com
• cpanel13.easyweb.com

We do not expect extended downtime, and each interruption should be brief. If you experience any issues outside of the maintenance window, please contact our support team.

Thank you for your patience while we complete these updates.

On March 16th between 3:00am and 6:00am EDT, we will be performing a scheduled maintenance window affecting our outgoing mail server:

mailout.easymail.ca

What We’re Doing

During this window, we will be upgrading the outbound mail flow so that all SMTP connections are routed through an enhanced spam filtering layer.

This change is part of our ongoing efforts to:

• Reduce spam and malware originating from compromised user accounts
• Prevent our mail servers from being listed on Real-time Blackhole Lists (RBLs)
• Improve overall email deliverability
• Strengthen the reputation and reliability of our outbound infrastructure

RBL listings impact not only the source of spam but also legitimate users, so proactive filtering and monitoring are critical to maintaining high deliverability rates.

Expected Impact

While the maintenance window is scheduled for three hours, the actual service interruption is expected to be brief.

The extended window allows us to:

• Run post-upgrade validation tests
• Closely monitor logs for anomalies
• Confirm mail flow stability
• Ensure spam filtering is operating as expected

We will continue monitoring beyond the maintenance window to ensure everything remains stable.

Need to Send Mail During the Maintenance?

If you require uninterrupted outbound email access during this period, you may temporarily switch your outgoing SMTP server to:

mailout.easydns.com

Once the maintenance window has concluded, you can switch back to:

mailout.easymail.ca

Please note: We will be applying the same upgrade to mailout.easydns.com in the near future. A separate notice will be sent prior to that maintenance window.

Why This Matters

Outbound spam and malware not only affect recipients — they directly impact the sending server’s reputation. When servers are reported to RBLs, legitimate users can experience:

• Delayed delivery
• Message rejections
• Increased spam filtering by recipient providers

By adding an additional filtering layer to outbound traffic, we’re taking proactive steps to protect both our infrastructure and our customers’ email reputation.

If you have any questions or require assistance adjusting your mail client settings, please contact support prior to the maintenance window.

Thank you for your understanding as we continue improving the security and reliability of our email services.

At easyDNS, we believe policies should be readable by actual humans.

So we’ve recently done a cleanup of our Terms of Service, Privacy Policy, and Takedown Policy to make them clearer, better organized, and easier to navigate.

To be crystal clear: nothing about how we operate has changed — this is strictly a documentation refresh.

What’s Updated

We’ve cleaned up and reorganized:

• Terms of Service

• Privacy Policy

• Takedown Policy

What’s New

We’ve also added two new standalone policies to better document things we already do:

• Data Retention Policy

• Anti-Spam Policy

Again, these don’t represent new practices — they simply make our existing approach easier to understand and reference.

As always, if you have any questions, feel free to reach out.

Currently new domain registrations are on pause due to increased latency and error rates in one of our upstream vendor’s API.  It is being investigated and we’ll update this post when new information is available.

UPDATE at 17:12 EST: Registrations are working again.

Google has announced that Gmail will no longer support the “Check mail from other accounts” feature that fetches messages from third-party mailboxes via POP into your Gmail account.

You can read Google’s official notice here:
https://support.google.com/mail/answer/16604719?hl=en

What’s Changing?

If you currently use Gmail on the web to pull mail from your easyMAIL (or any third-party) mailbox using POP, this will no longer work once Google retires the feature.

Specifically:

• ❌ Gmail on the web will no longer fetch emails from external accounts via POP.

• ❌ “Check mail from other accounts” will no longer be supported.

• ✅ Gmail can still be configured to send mail as your easyMAIL address via SMTP.

• ✅ You can still access third-party mail accounts in the Gmail app using IMAP.

• ✅ You can continue using standard email clients (Outlook, Thunderbird, Apple Mail, etc.).

So no — this is not the end of using third-party email with Gmail. But it does change how you’ll need to set things up.

Workaround: Forward Your easyMAIL to Gmail

If you prefer managing everything inside Gmail, you can configure your easyMAIL mailbox to automatically forward mail to your Gmail address.

We have a step-by-step guide here:

👉 https://kb.easydns.com/knowledge/easymail-filters-vacation-replies-forwarders-etc/

A Note About SPF

Forwarding email can sometimes cause SPF failures, since the message is technically being re-sent from a different server. That said, Gmail is generally very good at handling forwarded mail from reputable providers like easyDNS.

Sending Mail from Gmail as Your easyMAIL Address

You can still configure Gmail’s “Send mail as” feature using SMTP. This allows you to send email from Gmail that appears to come from your easyMAIL address.

Use these SMTP settings:

Outgoing SMTP:

• Server: mailout.easymail.ca

• Username: [email protected]

• Password: Your mailbox password

• Security: STARTTLS or SSL/TLS

• Port: 587 (STARTTLS) or 465 (SSL)

Other Ways to Access Your easyMAIL

If you’d rather access your mailbox directly, you have several options:

1️⃣ Webmail

Access your mailbox anytime at:

👉 https://webmail.easymail.ca

2️⃣ Use an Email Client (Recommended)

You can configure Outlook, Thunderbird, Apple Mail, or any modern email client that supports TLS v1.2 or higher.

Incoming IMAP (Recommended)

• Server: imap.easymail.ca

• Username: [email protected]

• Password: Your mailbox password

• Security: STARTTLS or SSL/TLS

• Port: 143 (STARTTLS) or 993 (SSL)

Incoming POP

• Server: pop.easymail.ca

• Username: [email protected]

• Security: STARTTLS or SSL/TLS

• Port: 110 (STARTTLS) or 995 (SSL)

Outgoing SMTP

• Server: mailout.easymail.ca

• Username: [email protected]

• Password: Your mailbox password

• Security: STARTTLS or SSL/TLS

• Port: 587 (STARTTLS) or 465 (SSL)

Full settings reference here:

👉 https://kb.easydns.com/knowledge/easymail-settings-and-specifications/

The Bottom Line

Google’s removal of POP fetching in Gmail on the web is inconvenient — especially for users who liked consolidating multiple mailboxes into a single interface.

However:

• Your easyMAIL service is unaffected.

• IMAP access still works.

• SMTP “Send mail as” still works.

• Forwarding is still an option.

• Webmail and standard email clients remain fully supported.

If you have questions or need help reconfiguring your setup, our support team is here to help.

— The easyDNS Team

How this forgotten result code can redefine the Internet.

It is impossible to overstate the importance of Open Source Software in our lives today. Open source initiatives like Unix, Linux, *BSD power somewhere north of 75% to 90% of the net connected servers worldwide, same goes for the vast majority of web servers (Apache, nginx), mail servers (IMAP, Postfix, Dovecot, Exim), databases (MariaDB, MySQL), all OSX workstations and laptops run BSD under the hood, the list goes on.

Until recently, the economics of working and contributing to open source endeavours were such that a successful project would, or at least could, lead to economic success as well, through add-on services, professional enhancements, consulting and licensing.

With the explosion of AI and disruptions coming in its wake, all that seems to be under threat of annihilation, as LLMs, AIs and “vibe coding” don’t outright replace open source developers, but they are abstracting them away – burying their visibility, and at least in the case of Tailwind CSS – an extraordinarily successful open source css framework, whose founder recently announced he had to effectively lay off his entire team as a result of the knock-on effects of AI:

Search Engine Optimization (SEO) used to be a game of “reading the mind of Google”, and there was an entire ecosystem of what were called “content websites”, some derived their very existence to being able to rank first for specific, super-niche questions and cocooning the answers within a gauntlet of pay-per-click ads and pop-ups.

Projects like Tailwind also relied on their preeminence in search results owing to their authorship and expertise in their IP.

Now all that has changed. People are just asking AI, or else the search engines are asking for you. No more getting all the clicks for “how many fluid ounces in a litre?” it’s about jockeying for search engine placement so that LLMs will include your pages in their responses.

And that also means, when people ask about documentation on things like Tailwind CSS, they just get back an AI-assisted response and they never land on Tailwind’s website:

Around the same time that the Tailwind CSS news began circulating, I saw this chart about the fate of Stackoverflow, which was acquired for  $1.8 billion just a little over a year before chatGPT broke onto the scene…

StackOverflow graph of questions asked per month.

Holy shit. pic.twitter.com/Iver1tyOKH

— Sam Rose (@samwhoo) January 3, 2026

Oof.

We’re seeing initiatives like llms.txt and which seek to guide LLMs and AI agents on how to index a website, this issue is the crux behind Tailwind’s dilemma.

Are there ways for developers and site owners to adapt and to pivot to this emerging reality, and do so in a way where they can prosper instead of merely fighting for survival?

It’s been a little over a year since I had my own existential epiphany: the realization that in the future, more of our clients would be AI agents than actual people. That still dogs me as we see the proliferation of MCP endpoints and A2A deployments, while easyDNS grinds away at rebuilding our entire UX… which may get used by fewer and fewer people over time.

The Holy Grail of  the Internet Economy: Micropayments

Since the very beginning micropayments were seen as a way to open up the internet economy and bring about a Golden Age for creators, developers and all manner of independent workers and small businesses – the idea that people would pay a small amount to read a high signal article, or to pay for a limited set of executions of some micro-service, or to buy or lease pieces of code.

The only problem was that payment rails didn’t exist to facilitate any of this. Minimum payment thresholds, not to mention processor fees on credit cards precluded it, and early iterations of crypto (Bitcoin, Ethereum) provided near-infinitely divisible denominations, but were too slow.

What that left us with historically, were two alternative monetization paths that largely defined the entire online economy:

1. Subscriptions : where everything was geared toward continuity services. Remember those pieces of software you bought once upon a time and installed on your laptop? Those are all now monthly subscriptions in the cloud. Instead of paying one or five cents to read a high quality think piece on Substack, you subscribe monthly. The list goes on.
2. Ad Driven / Pay-Per Click: where content or services are free, and networks like Google Adsense drive the monetization model for huge chunks of the internet.This has had all kinds of repercussions –  which we can’t do justice to here, but Jaron Lanier has written on this extensively (I reviewed his “10 reasons to delete your social media accounts previously). Suffice it to say, this has given rise to clickbait culture and everything associated with it.

If only there was some way where creators and coders could:

• Get paid in small increments, but at scale, for use of their IP, services or infrastructure.
• Not have to worry about whether the consumer was an LLM or not.
• Be rewarded for success in having search engines and agents seek out their work, instead of penalized.

x402 enters the chat

402 is the HTTP response code for “Payment Required” – it’s been part of the original specification since the very beginning, and was created more or less as a placeholder, since internet payments were non-existent.

In September 2025, we had what I think will be seen as a  major development when Coinbase and Cloudflare announced the launch of x402 Foundation: The x402 protocol seeks to become a neutral, open standard for embedding agentic payments directly into the HTTP protocol.

It’s early days, but there is already a measurable ecosystem forming around this initiative – a lot of the early projects were things like memecoins and the like, but I do think this is showing us an early glimpse into where the puck is going:

We see from the numbers that our average transaction size pencils out to around 28 cents (~ $41M by 146M transactions).

Right now this all happens on stablecoins like USDC, Tether running on L1’s like Ethereum and Solana, but the protocol is extensible, this could theoretically happen over Lightning on Bitcoin, and any other decentralized Layer 1 protocol.

And this is where I see the opportunity to make micropayments a foundational layer to the next iteration of the network economy.

Imagine if an agentic AI paid Tailwind CSS a few pennies or even a fraction of one for accessing LLM-optimized documentation or snippets of code?

There may be a non-trivial zero-to-one problem with “training” the bots and the people running them to adapt to micropayments, but I think it is already happening.

Anecdotally, I was playing with Dexter, an AI overlay for financial modellng, this past week and I wanted to grab screen captures of it, but under the hood I noticed that all of these interactions with the backend APIs and MCP servers I had configured were negotiating very quick microtransactions via x402.

I’ve been building Dexter for 2 months now.

It’s like Claude Code, but for finance.

What Dexter can do:
• find undervalued stocks
• analyze them in detail
• build investment thesis

All of the code is open source.

Bonus: Dexter can also run on local LLMs. pic.twitter.com/rngoHm5w0G

— virat (@virattt) January 9, 2026

For my part, because I’m a DNS  guy, so everything on earth can either be signalled, or discovered, via DNS – I submitted a draft proposal for x402 endpoint discovery via (wait for it)… DNS TXT records to the IETF portal.

This is happening – and I think the more open source devs become aware of it, they’ll see the opportunity that micropayments finally arriving in a credible sense gives the entire ecosystem.

Yes — easyDNS now accepts Zcash (ZEC). If you’re looking for a domain registrar or web host that accepts Zcash, you can now pay for easyDNS services using ZEC at checkout.

A long tradition of crypto “firsts” at easyDNS

Adding Zcash follows our track record of firsts in the emerging cryptocurrency space, with real-world utility in the domain system, including:

• First ICANN-accredited registrar to accept Bitcoin (BTC) (2013)

• First registrar to enable Ethereum Name Service (ENS) linking to legacy domains (2018)

• First to enable Nostr / NIP-05 IDs at your own domain

• First to accept DOGE and SOL (Dogecoin and Solana)

If you want internet infrastructure from a provider that’s been doing this for over a decade, look no further.

What you can pay for with Zcash at easyDNS

You can use Zcash (ZEC) to pay for easyDNS products and services such as:

• Domain registration and renewals

• DNS hosting / managed DNS

• VPS and Web hosting

• easyPress: our managed Wordpress platform.

How to pay with Zcash (ZEC)

1. Add your domain(s) or services to your cart

2. Proceed to checkout

3. Scroll down to cryptopayment methods

4. Generate a Zcash (ZEC) payment address

5. Send the payment and you’re done

6. Allow a few minutes for 3 confirmations

FAQ: Zcash payments for domain registration & hosting

Do you accept Zcash for domain renewals?

Yes — where you can check out online, you can use ZEC.

Is this “ZEC” (Zcash) specifically?

Yes. We’re talking about Zcash (ticker: ZEC).

Are you a domain registrar that accepts Zcash?

Yes — easyDNS is a domain registrar that accepts Zcash and supports DNS and hosting services as well.

If you’ve been searching for “pay for a domain with Zcash”, “Zcash web hosting”, or a “registrar that accepts ZEC”, you’ve come to the right place.

Here are the hours of our Support team during this holiday season.

22 December – normal business hours (8:30am-6pm EST)
23 December – normal business hours (8:30am-6pm EST)
24 December – we are closing at 3pm EST
25 December – CLOSED
26 December – open from 8:30am to 3pm EST
27 December – normal business hours (12pm-6p EST)
28 December – normal business hours (12pm-6p EST)
29 December – normal business hours (8:30am-6pm EST)
30 December – normal business hours (8:30am-6pm EST)
31 December – we are closing at 3pm EST
01 January – CLOSED
02 January – back to normal business hours

Merry Christmas and a Happy New Year from the team at easyDNS. All the best in 2026!

The PDU replacement maintenance has been successfully completed with no service interruptions. All systems are back to normal operation.

If you notice any issues, please contact support. Thank you for your understanding.