If you’re searching for a free SSL certificate valid for 1 year — it doesn’t exist in 2026. But that’s actually fine, because the industry is moving away from long-lived certificates entirely. Here’s the current landscape and what to do instead.
Current maximum certificate validity
| Type | Maximum validity (2026) | Free? |
|---|---|---|
| Let’s Encrypt | 90 days | ✅ Unlimited |
| Buypass Go | 180 days | ✅ Unlimited |
| ZeroSSL (free tier) | 90 days | 3 certificates |
| Paid DV (any CA) | 200 days* | ❌ $50-268/year |
| Paid OV/EV | 200 days* | ❌ $88-500/year |
*As of March 2026, the CA/Browser Forum reduced maximum validity from 398 days to 200 days. It will shrink further:
| Date | Maximum validity |
|---|---|
| Before March 2026 | 398 days (~13 months) |
| March 2026 | 200 days |
| March 2027 | 100 days |
| March 2029 | 47 days |
By 2029, no certificate — free or paid — will last longer than 47 days. Full details →
Why 90-day certificates are actually better
Let’s Encrypt chose 90-day validity deliberately:
- Limits damage from key compromise — if someone steals your private key, they can only use it until the certificate expires
- Encourages automation — manual renewal every year breeds complacency; 90 days forces good practices
- Reduces revocation dependency — revocation is unreliable; short-lived certs expire before revocation matters
- Proven at scale — 300+ million certificates, 63.9% market share. 90-day validity works.
What to do instead
Option 1: Free 90-day certificate (recommended)
Get a free certificate from GetHTTPS. Renew every 60-80 days.
Manual renewal (GetHTTPS): 5 minutes per renewal, 5-6 times per year. Automatic renewal (Certbot): Zero effort after setup. Guide →
Option 2: Free 180-day certificate
Buypass Go offers 180-day certificates (twice Let’s Encrypt’s validity). Use Certbot or acme.sh with Buypass’s ACME endpoint. No wildcard support.
Option 3: Paid 200-day certificate
If you insist on maximum validity, a paid DV certificate from Sectigo or DigiCert lasts 200 days. Cost: $50-268/year for the same encryption you get for free from Let’s Encrypt. Is paid worth it? →
The math: is 90-day renewal really harder?
| 1-year cert (was) | 90-day cert | 47-day cert (2029) | |
|---|---|---|---|
| Renewals/year | 1 | 5-6 | ~8 |
| Manual effort | 30 min/year | 25-30 min/year | 40+ min/year |
| Automated effort | Still needs setup | Zero (Certbot) | Zero (Certbot) |
| Cost (Let’s Encrypt) | — | $0 | $0 |
| Cost (paid DV) | $50-268 | — | $400-2,144* |
*Projected: 8 renewals × $50-268 per cert. Paid certificates become absurdly expensive with short validity.
Bottom line: With automated renewal (Certbot), certificate validity doesn’t matter — it’s invisible. With manual renewal (GetHTTPS), 5-6 times per year is manageable.
Frequently asked questions
Will free 1-year certificates ever come back?
No. The CA/Browser Forum is reducing validity for all CAs — free and paid. The trend is toward shorter, not longer, certificates. By 2029, 47 days is the maximum for everyone.
I found a site offering “free SSL for 1 year” — is it legit?
Be cautious. Some older pages advertise this but haven’t updated since the March 2026 validity change. Others use “1 year” loosely to mean “free with 90-day auto-renewal through the hosting provider” (which is legitimate — the certificate renews automatically, so it effectively covers you indefinitely).
Is Buypass Go’s 180-day certificate better than Let’s Encrypt’s 90-day?
Longer validity = fewer renewals, which is slightly more convenient for manual workflows. But Buypass doesn’t support wildcard certificates and has a smaller community. For most users, Let’s Encrypt’s ecosystem (GetHTTPS, Certbot, acme.sh) makes it the better choice despite shorter validity.
My hosting provider says “free SSL included forever”
This means they auto-renew Let’s Encrypt (or their CA’s) certificates on your behalf. The individual certificates last 90 days, but renewal is automatic. “Forever” means “we keep renewing for you” — not “one certificate that never expires.”