200-day TLS cert limit now active — 47-day limit coming 2029

Every Expiration Date.
One Dashboard. Zero Surprises.

TLS cert lifetimes just dropped to 200 days — and they're heading to 47. ExpiryMap tracks every expiring credential across your entire infrastructure so nothing slips through the cracks.

Free for up to 25 tracked items. No credit card required.

Works with your infrastructure

AWS Azure Google Cloud Cloudflare Let's Encrypt DigiCert HashiCorp Vault Kubernetes PagerDuty Slack

The Clock Is Already Ticking

The CA/Browser Forum has voted. Certificate lifetimes are shrinking on a fixed regulatory schedule — and the first reduction is already live.

Active Now

March 15, 2026

Maximum certificate validity drops to 200 days. DCV reuse limited to 200 days.

12 Months Away

March 15, 2027

Validity drops to 100 days. DCV reuse limited to 100 days. Manual renewal becomes impossible at scale.

Coming 2029

March 15, 2029

Maximum 47-day validity. DCV reuse: 10 days. Full automation or daily firefighting — your choice.

One place for every credential that expires

Stop juggling spreadsheets and calendar reminders. ExpiryMap discovers, monitors, and alerts on every expiration across your stack.

Auto-Discovery

Point ExpiryMap at your infrastructure and it finds every credential automatically. AWS, GCP, Azure, Kubernetes, Vault — no manual inventory needed.

Smart Alerts

Escalation chains that reach the right person at the right time. Slack, PagerDuty, email — alerts fire at 90, 30, 14, and 7 days before expiry.

Unified View

TLS certs, API keys, domains, cloud secrets, software licenses — one dashboard with color-coded timelines. See your entire expiration landscape at a glance.

Compliance Ready

Full audit logs, exportable compliance reports, and regulatory timeline tracking. Know exactly where you stand when auditors come knocking.

35%

of outages are caused by expired certificates

— Ponemon Institute

50K+

certificates managed by the average enterprise

— Keyfactor Industry Report

73%

of organizations experienced cert-related outages in the past 2 years

— Venafi Research

Simple pricing. No surprises.

Start free, upgrade when you're ready. All plans include the core dashboard and email alerts.

Monitor

For small teams getting started

$29 /mo
  • Up to 100 tracked items
  • Email alerts
  • 1 team member
  • 7-day alert history

Protect

Popular

For growing infrastructure teams

$79 /mo
  • Up to 1,000 tracked items
  • Slack + PagerDuty integration
  • Auto-discovery engine
  • 5 team members
  • 90-day alert history

Enterprise

For orgs with complex infrastructure

$199 /mo
  • Unlimited tracked items
  • SSO + RBAC
  • Full audit logs + reports
  • REST API access
  • Dedicated support + SLA

Frequently Asked Questions

Why are certificate lifetimes getting shorter?

The CA/Browser Forum passed Ballot SC-081v3 in April 2025, mandating a phased reduction in TLS certificate validity. The goal is to limit the damage window if a certificate's private key is compromised. The 200-day limit is already active as of March 2026, with 100-day and 47-day limits following in 2027 and 2029.

What types of credentials does ExpiryMap track?

TLS/SSL certificates, API keys, OAuth tokens, domain registrations, cloud provider secrets (AWS, GCP, Azure), HashiCorp Vault secrets, software licenses, code signing certificates, SSH keys, and any custom credential with an expiry date.

How long does setup take?

Under 5 minutes for most teams. Connect your cloud providers via read-only IAM roles, and ExpiryMap's auto-discovery engine scans your infrastructure immediately. No agents to install, no code to deploy.

What alerting integrations are supported?

Slack, PagerDuty, OpsGenie, Microsoft Teams, email, and webhooks. Configure escalation chains so the right person gets alerted at the right time — starting gentle and escalating as expiry approaches.

Is my data secure?

ExpiryMap uses read-only access to your infrastructure. We never store private keys or secret values — only metadata like expiration dates, names, and types. All data is encrypted at rest and in transit. SOC 2 Type II in progress.

Can I try it before committing?

Yes. The free tier tracks up to 25 items with full dashboard access and email alerts — no credit card required. Upgrade to Monitor or Protect whenever you're ready.

Don't Wait for the Next Outage

Every expired certificate is a preventable incident. Start tracking your infrastructure's expiration dates in under 5 minutes.

Free for up to 25 tracked items. Setup in under 5 minutes.