diff --git a/Dockerfile b/Dockerfile
index bba88db..f13d772 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,7 +7,6 @@ LABEL \
 vendor="devilbox" \
 license="MIT"
-
 ###
 ### Build arguments
 ###
diff --git a/data/create-vhost.sh b/data/create-vhost.sh
index a0a0220..75100bc 100755
--- a/data/create-vhost.sh
+++ b/data/create-vhost.sh
@@ -11,7 +11,8 @@ VHOST_TPL="${4}"
 CA_KEY="${5}"
 CA_CRT="${6}"
 GENERATE_SSL="${7}"
-VERBOSE="${8:-}"
+SSL_VALIDITY="${8}"
+VERBOSE="${9:-}"
 if [ "${GENERATE_SSL}" = "1" ]; then
 if [ ! -d "/etc/httpd/cert/mass" ]; then
@@ -23,7 +24,7 @@ if [ "${GENERATE_SSL}" = "1" ]; then
 _out_key="/etc/httpd/cert/mass/${VHOST_NAME}${VHOST_TLD}.key"
 _out_csr="/etc/httpd/cert/mass/${VHOST_NAME}${VHOST_TLD}.csr"
 _out_crt="/etc/httpd/cert/mass/${VHOST_NAME}${VHOST_TLD}.crt"
- if ! cert-gen -v -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n "${_domain}" -e "${_email}" -a "${_domains}" "${CA_KEY}" "${CA_CRT}" "${_out_key}" "${_out_csr}" "${_out_crt}"; then
+ if ! cert-gen -v -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n "${_domain}" -e "${_email}" -a "${_domains}" -d "${SSL_VALIDITY}" "${CA_KEY}" "${CA_CRT}" "${_out_key}" "${_out_csr}" "${_out_crt}"; then
 echo "[FAILED] Failed to add SSL certificate for ${VHOST_NAME}${VHOST_TLD}"
 exit 1
 fi
diff --git a/data/docker-entrypoint.d/08-cert-gen.sh b/data/docker-entrypoint.d/08-cert-gen.sh
index 845091c..976961d 100755
--- a/data/docker-entrypoint.d/08-cert-gen.sh
+++ b/data/docker-entrypoint.d/08-cert-gen.sh
@@ -17,6 +17,7 @@ cert_gen_generate_ca() {
 local crt="${2}"
 local verbose="${3}"
 local debug="${4}"
+ local def_days="${5:-}"
 # Create directories
 if [ ! -d "$( dirname "${key}" )" ]; then
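Review bot: `SSL_VALIDITY="${8}"` is taken from argv with no default and no sanity check, and it is later passed as `-d "${SSL_VALIDITY}"` to cert-gen, so an empty or non-numeric eighth argument turns into a cert-gen failure (or, depending on how cert-gen parses `-d`, an unintended validity) rather than a clear error. The companion generator in this commit, 08-cert-gen.sh, falls back to 820 days when its value is empty; this script should either do the same or reject bad input right after the assignment, e.g. `case "${SSL_VALIDITY}" in ''|*[!0-9]*) echo "[FAILED] Invalid SSL validity period: '${SSL_VALIDITY}'"; exit 1 ;; esac`. Inserting the new argument at position 8 also moves `VERBOSE` to position 9, so any caller not updated in this commit would now pass its verbose flag as the validity period; the only caller visible in the diff, watcherd_add in docker-entrypoint.sh, is updated.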
@@ -33,9 +34,16 @@ cert_gen_generate_ca() {
 verbose=""
 fi
+ # user defined custom days
+ if [ -z "${def_days}" ]; then
+ def_days="820"
+ else
+ def_days="${5}"
+ fi
+
 # Generate CA if it does not exist yet
 if [ ! -f "${key}" ] || [ ! -f "${crt}" ]; then
- run "ca-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n 'Devilbox Root CA' -e 'cytopia@devilbox.org' ${key} ${crt}" "${DEBUG_LEVEL}"
+ run "ca-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n 'Devilbox Root CA' -e 'cytopia@devilbox.org' -d ${def_days} ${key} ${crt}" "${DEBUG_LEVEL}"
 fi
 }
@@ -54,6 +62,7 @@ cert_gen_generate_cert() {
 local domains="${8}"
 local verbose="${9}"
 local debug="${10}"
+ local def_days="${11:-}"
 # If not enabled, skip SSL certificate eneration
 if [ "${enable}" != "1" ]; then
@@ -83,6 +92,13 @@ cert_gen_generate_cert() {
 verbose=""
 fi
+ # user defined custom days
+ if [ -z "${def_days}" ]; then
+ def_days="820"
+ else
+ def_days="${11}"
+ fi
+
 # Get domain name and alt_names
 cn=
 alt_names=
@@ -98,5 +114,5 @@ cert_gen_generate_cert() {
 done
 alt_names="$( echo "${alt_names}" | xargs )" # tim
- run "cert-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n '${cn}' -e 'admin@${cn}' -a '${alt_names}' ${ca_key} ${ca_crt} ${key} ${csr} ${crt}" "${debug}"
+ run "cert-gen ${verbose} -c DE -s Berlin -l Berlin -o Devilbox -u Devilbox -n '${cn}' -e 'admin@${cn}' -a '${alt_names}' -d ${def_days} ${ca_key} ${ca_crt} ${key} ${csr} ${crt}" "${debug}"
 }
diff --git a/data/docker-entrypoint.sh b/data/docker-entrypoint.sh
index 38b1ee4..8ed5509 100755
--- a/data/docker-entrypoint.sh
+++ b/data/docker-entrypoint.sh
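Review bot: The `else` branch `def_days="${5}"` re-reads the positional parameter instead of the `def_days` local initialised from `${5:-}` in the function header, so it assigns the value the variable already holds and couples the body to the argument position; the seven added lines reduce to `def_days="${def_days:-820}"` (the copy in cert_gen_generate_cert, reading `${11}`, has the same shape). The 820-day fallback hard-coded here also differs from the 803-day default that docker-entrypoint.sh passes in the same commit, so the effective default depends on which caller supplies the argument; one place should own it. The value is then spliced unquoted into the command string given to `run` (`-d ${def_days}`); `run` is not visible here, but if it evaluates that string, a value carrying shell metacharacters would be interpreted, so the period should be checked as a positive integer before it reaches this line (or at the env_get in docker-entrypoint.sh where it enters). cert_gen_generate_ca starts before this hunk.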
@@ -54,6 +54,13 @@ DEBUG_RUNTIME="$( env_get "DEBUG_RUNTIME" "0" )"
 log "info" "Runtime debug: ${DEBUG_RUNTIME}" "${DEBUG_LEVEL}"
+###
+### Does user have custom SSL validity settings?
+###
+MAIN_VHOST_SSL_VALIDITY_PERIOD="$( env_get "MAIN_VHOST_SSL_VALIDITY_PERIOD" "803" )"
+log "info" "SSL Generation Validity period: ${MAIN_VHOST_SSL_VALIDITY_PERIOD}" "${DEBUG_LEVEL}"
+
+
 ###
 ### Change uid/gid
 ###
@@ -201,7 +208,7 @@ vhost_gen_mass_vhost_tld \
 ###
 ### Create Certificate Signing request
 ###
-cert_gen_generate_ca "${CA_KEY}" "${CA_CRT}" "${DEBUG_RUNTIME}" "${DEBUG_LEVEL}"
+cert_gen_generate_ca "${CA_KEY}" "${CA_CRT}" "${DEBUG_RUNTIME}" "${DEBUG_LEVEL}" "${MAIN_VHOST_SSL_VALIDITY_PERIOD}"
 ###
@@ -217,7 +224,8 @@ cert_gen_generate_cert \
 "/etc/httpd/cert/main/localhost.crt" \
 "${MAIN_VHOST_SSL_CN}" \
 "${DEBUG_RUNTIME}" \
- "${DEBUG_LEVEL}"
+ "${DEBUG_LEVEL}" \
+ "${MAIN_VHOST_SSL_VALIDITY_PERIOD}"
@@ -244,7 +252,7 @@ if [ "${MASS_VHOST_ENABLE}" -eq "1" ]; then
 fi
 # Create watcherd sub commands
- watcherd_add="create-vhost.sh '%%p' '%%n' '${MASS_VHOST_TLD}' '%%p/${MASS_VHOST_TPL}/' '${CA_KEY}' '${CA_CRT}' '1' '${verbose}'"
+ watcherd_add="create-vhost.sh '%%p' '%%n' '${MASS_VHOST_TLD}' '%%p/${MASS_VHOST_TPL}/' '${CA_KEY}' '${CA_CRT}' '1' '${MAIN_VHOST_SSL_VALIDITY_PERIOD}' '${verbose}'"
 watcherd_del="rm /etc/httpd/vhost.d/%%n.conf"
 watcherd_tri="${HTTPD_RELOAD}"
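Review bot: `MAIN_VHOST_SSL_VALIDITY_PERIOD` is read from the environment via env_get and logged but never validated, and from here it flows unquoted into the ca-gen/cert-gen command strings in 08-cert-gen.sh and into the single-quoted watcherd_add command line further down, so a non-numeric value (or one containing a quote) surfaces at best as a confusing certificate-generation failure. This is the one point where the value enters, so check it once, right after the env_get line: `case "${MAIN_VHOST_SSL_VALIDITY_PERIOD}" in ''|*[!0-9]*) echo "Invalid MAIN_VHOST_SSL_VALIDITY_PERIOD: '${MAIN_VHOST_SSL_VALIDITY_PERIOD}' (expected a positive number of days)" >&2; exit 1 ;; esac`. An upper bound is worth a thought too: Apple platforms reject TLS server certificates valid for more than 825 days, which is presumably why the generator's own fallback is 820, whereas nothing stops a user setting 3650 here. The name and log message say MAIN_VHOST, but the same value is passed to cert_gen_generate_ca and to every mass-vhost certificate via watcherd_add, and the fallback in 08-cert-gen.sh is 820 rather than this 803; the comment block above the assignment should state that it governs the CA and all generated certificates, and the two defaults should be reconciled.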
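Review bot: The CA is now issued with the same validity as the leaf certificates (`cert_gen_generate_ca ... "${MAIN_VHOST_SSL_VALIDITY_PERIOD}"`), but mass-vhost leaves are created later by watcherd with that same period counted from their own creation, so a leaf issued after container start gets a notAfter beyond the CA's unless cert-gen clamps it to the issuer (not visible here); once the CA expires, clients reject the chain regardless of the leaf's dates. A CA should outlive what it signs; a separate, longer CA period (for example its own env var defaulting to a multiple of the leaf period) or at least a comment here stating that CA and leaves share one lifetime would make the trade-off explicit. Note also that cert_gen_generate_ca only generates when the key/crt files are missing, so changing the env var has no effect on an already-created CA — worth a line in the comment block above this call.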
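Review bot: `'${MAIN_VHOST_SSL_VALIDITY_PERIOD}'` is interpolated into a single-quoted argument inside the command string that watcherd later runs, so a value containing a single quote ends the quoted argument and the rest becomes part of the command line; nothing in the diff checks the value before this point. If the value is confirmed digits-only where it is read from the environment this is moot, otherwise it should be rejected before being embedded: `case "${MAIN_VHOST_SSL_VALIDITY_PERIOD}" in *[!0-9]*) echo "Refusing non-numeric SSL validity period for watcherd" >&2; exit 1 ;; esac`. The enclosing `if [ "${MASS_VHOST_ENABLE}" -eq "1" ]` block starts before this hunk and continues after it.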