Sectigo Signing Delays Hit Namecheap SSL Customers
Sectigo's signing servers went down on March 22, stalling SSL issuance for Namecheap users. As 200-day certs double renewal demand, CAs face new pressure.
On March 22, 2026 — just one week after the industry-wide transition to 200-day certificate maximum lifetimes — Sectigo’s signing servers went down, leaving Namecheap customers unable to receive newly issued SSL certificates. The timing is hard to ignore: as renewal volumes double across the industry, even the certificate authorities themselves are showing signs of strain.
This wasn’t an isolated slip. A nearly identical delay hit on March 14, just one day before the new 200-day validity rules took effect, and Sectigo had also scheduled maintenance over the March 21–22 weekend. Now, days later, a fresh incident is affecting customers again — and as of this writing, Namecheap has not yet posted a resolution timestamp.
What Happened
Namecheap’s status page reported that Sectigo was experiencing problems with their signing servers, causing certificates to be issued and delivered with significant delays. Namecheap advised customers that all queued certificates would be delivered once Sectigo resolved the issue — but offered no estimated time for resolution.
The details are sparse, as status page entries often are. But the pattern they reveal is notable:
- December 4–6, 2025: Sectigo signing server delay
- December 8, 2025: Another delay, resolved separately
- December 20–22, 2025: A third December delay
- January 11–13, 2026: Delay spanning three days
- March 14, 2026: Delay resolved just before the 200-day transition
- March 21–22, 2026: Scheduled maintenance window
- March 22, 2026: Signing server issues again, status: Updated (ongoing)
That’s at least seven disruptions to SSL issuance through Sectigo in roughly four months.
Why the 200-Day Transition Makes This Worse
The timing is directly relevant. On March 15, 2026, the CA/Browser Forum’s new maximum certificate validity of 200 days came into force. For every organization that previously renewed once a year, renewals now happen roughly twice a year. For any organization that renewed on a 13-month cycle with a comfortable buffer, that buffer has now been cut in half.
What this means in practice: the total number of certificate issuance requests flowing through certificate authorities is approximately doubling. That’s a significant load increase for the signing infrastructure that processes, validates, and issues every certificate that leaves a CA. Sectigo — the world’s largest commercial CA by market share — handles an enormous volume of this traffic.
It would be unfair to attribute Sectigo’s recent delays solely to the 200-day transition without a formal post-mortem. But the pattern of accelerating incidents over the past several months, peaking right around the transition date, is a data point worth watching.
The Impact on Customers
For web professionals and IT teams, a signing server delay creates a specific and painful problem: you’ve triggered a certificate renewal, submitted your domain control validation, and now you’re waiting — with no clear timeline — for the certificate to actually arrive. If the outgoing certificate expires while you’re in that queue, you have an outage.
This is especially dangerous for teams that cut it close on renewals, which is exactly the habit that becomes costlier as certificate lifetimes shrink. With 200-day certs, a one- or two-day signing delay eats meaningfully into the lead time you thought you had.
The risk compounds as we approach 2027 and 2029, when maximum lifetimes drop to 100 days and then 47 days respectively. At 47-day certificates, a two-day signing outage represents more than 4% of a certificate’s entire valid lifespan. Teams that aren’t automating renewal well in advance of expiration will find delays like this much harder to absorb.
What to Do
If you’re a Namecheap or Sectigo customer, a few practical steps help protect you from signing delays:
- Renew significantly ahead of expiration. With 200-day certificates, aiming to renew at 60 days remaining gives you a reasonable buffer even if the CA experiences a multi-day delay.
- Check the status page before you need it. Namecheap’s status page (status.namecheap.com) and Sectigo’s are worth bookmarking. Knowing an incident is already in progress before you submit a renewal request lets you plan around it.
- Consider ACME-based automation. Let’s Encrypt and other ACME-compatible CAs automate the full issuance cycle, often with retry logic built in, which reduces exposure to any single CA’s availability window.
- Don’t let certificates get close to expiry before renewing. If you’re waiting until 30 days out, a multi-day CA outage can become a real emergency. Start at 60–90 days.
Staying Ahead of CA Outages and Expiration Risk
The uncomfortable truth is that you’re dependent on your certificate authority’s uptime at the exact moment you need a renewal — and that dependency is becoming more frequent. With 200-day certs, you have twice as many opportunities per year to be caught in a CA outage at the wrong time.
Tracking when your certificates are due for renewal — before you’re in the danger zone — is the best way to preserve flexibility. SSLcalendar.com sends you expiration reminders well in advance, so you have time to renew early and absorb a delay without pressure. For organizations managing many domains or needing deeper insight into TLS health, SSLboard.com provides full certificate surveying and vulnerability detection across your entire portfolio.
The 200-day era has barely started. The operational pressure on both CAs and their customers is still ramping up.
Sources: Namecheap Status – Delay in SSL certificate issuance, March 22, 2026, Namecheap Status – Delay in SSL certificate issuance, March 14, 2026, Namecheap Status – Sectigo CA Scheduled Maintenance, March 21–22, 2026, Sectigo: Certificate Expiration Risk — 200 Day Validity Starts March 15