ssl – Why was 398 days chosen for TLS expiration? – Stack Overflow
Posted by jpluimers on 2026/01/01
Cool, since I switched to Let’s Encrypt a long while ago, I missed that various tools now require TLS expiration be no longer than 398 days away (and preferably even 397 days).
So I also missed the reason for that specific number of days. [Wayback/Archive] ssl – Why was 398 days chosen for TLS expiration? – Stack Overflow (thanks [Wayback/Archive] stevendesu and [Wayback/Archive] user10063)
answers it:
366+31+1 = 398 days
It equals one leap year + one month + “a little room to handle the messiness of dates.”
then posts a lot of quotes from references to the history on how that reason came to be. I have archived and listed the links below.
Most of the discussion was during a very hectic time in life: after a single sided bad accident my mentally retarded brother was in and assisting him during his recovery period, I developed cancer and had extensive treatments against it. All the more reason for missing all this:
- [Wayback/Archive] [cabfpub] Draft Ballot 185 – Limiting the Lifetime of Certificates (1)
- [Wayback/Archive] [cabfpub] Draft Ballot 185 – Limiting the Lifetime of Certificates (2)
- [Wayback/Archive] [cabfpub] Draft Ballot 185 – Limiting the Lifetime of Certificates (3)
- [Wayback/Archive] [cabfpub] Draft Ballot 185 (2) – Limiting the Lifetime of Certificates
- [Wayback/Archive] [cabfpub] Durations
- [Wayback/Archive] Ballot 193 – 825-day Certificate Lifetimes – CAB Forum
- [Wayback/Archive] [cabfpub] Draft Ballot 185 – Limiting the Lifetime of Certificates: User input
- [Wayback/Archive] Ballot 185 – Limiting the Lifetime of Certificates – CAB Forum
- [Wayback/Archive] [Servercert-wg] Ballot SC22: Reduce Certificate Lifetimes (v2)
- [Wayback/Archive] [cabf_validation] Draft Ballot SCXX: Improve Certificate Lifetimes
- [Wayback/Archive] [cabf_validation] Draft Ballot SCXX: Improve Certificate Lifetimes
- [Wayback/Archive] [cabf_validation] Draft Ballot SCXX: Improve Certificate Lifetimes
- [Wayback/Archive] Ballot SC22: Reduce Certificate Lifetimes by sleevi · Pull Request #138 · cabforum/servercert
- [Wayback/Archive] Ballot SC22 – Reduce Certificate Lifetimes (v2) – CAB Forum
- [Wayback/Archive] About upcoming limits on trusted certificates – Apple Support
- [Wayback/Archive] SC31 – Browser Alignment by sleevi · Pull Request #195 · cabforum/servercert
- [Wayback/Archive] [Servercert-wg] Ballot SC31 – Browser Alignment
- [Wayback/Archive] Ballot SC31: Browser Alignment – CAB Forum
–jeroen
The Wiert Corner - irregular stream of stuff 
Leave a comment