State of SSL 2026
Global Website Security Intelligence Report
Analyzing 193M active SSL certificates across 362M domains at the exact moment the CA/Browser Forum lifecycle mandate compresses certificate validity from 398 days to 200 days.
Key Signals From the Data
• 3.2 million certificates still exceed the new 200-day validity limit
• 46.5 million domains are currently running invalid SSL — growing nearly 3x faster than valid certificate growth
• Multi-domain SAN certificates collapsed 44.4% in a single year as organizations restructure deployments
• One major CA lost 5.6 percentage points of market share in 12 months while every other top-5 CA grew
If you work in the SSL ecosystem and would like to discuss the findings or explore how these trends may affect your organization, feel free to reach out.
alex@wowwong.com
