The web browser and certificate authority industry is shortening the maximum allowed lifetime of TLS certificates. These changes will improve security on the Web, but you may have to change certificate maintenance practices for apps you run on Heroku. The good news is that if you’re using Heroku Automated Certificate Management , no changes are required: Heroku already refreshes and updates certificates on your apps according to the new policies. If you maintain and upload certificates for your Heroku applications yourself, here is what the changes will mean for you. Industry shift towards shorter certificate lifetimes The CA/Browser Forum is phasing in shorter maximum lifetimes for all publicly trusted SSL/TLS certificates . While the final goal is a 47-day limit by 2029, the first major milestone is approaching quickly. Starting March 15, 2026 , the maximum validity period for publicly trusted SSL/TLS certificates will be reduced to 200 days .…