[GH-ISSUE #241] Safari will start limiting validity to 1 year #154

New issue

Closed

opened 2026-02-25 22:32:44 +03:00 by kerem · 1 comment

kerem commented

2026-02-25 22:32:44 +03:00

Owner

Originally created by @rfay on GitHub (Feb 21, 2020).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/241

Per https://www.thesslstore.com/blog/ssl-certificate-validity-will-be-limited-to-one-year-by-apples-safari-browser/ Safari will start limiting cert validity to a year.

I'd be in favor of switching mkcert certs to just have a 364-day validity. At least the way we use them, they get regenerated much sooner than a year.

Originally created by @rfay on GitHub (Feb 21, 2020). Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/241 Per https://www.thesslstore.com/blog/ssl-certificate-validity-will-be-limited-to-one-year-by-apples-safari-browser/ Safari will start limiting cert validity to a year. I'd be in favor of switching mkcert certs to just have a 364-day validity. At least the way we use them, they get regenerated much sooner than a year.

kerem closed this issue

2026-02-25 22:32:44 +03:00

kerem commented

2026-02-25 22:32:45 +03:00

Author

Owner

@FiloSottile commented on GitHub (Oct 25, 2020):

The one year limit only applies to public CAs, so it does not affect us.

This change will not affect certificates issued from user-added or administrator-added Root CAs.

https://support.apple.com/en-us/HT211025

@FiloSottile commented on GitHub (Oct 25, 2020): The one year limit only applies to public CAs, so it does not affect us. > This change will not affect certificates issued from user-added or administrator-added Root CAs. https://support.apple.com/en-us/HT211025

kerem referenced this issue

2026-02-25 22:32:49 +03:00

[GH-ISSUE #296] Automatic renewal per Acme? #188