I got the following email today from Thawte:

Important Service Announcement

Dear Scott Baker,

We want to inform you of upcoming deprecation of 3-year certificates.

The CA/Browser Forum approved Ballot 193 which reduces the maximum validity period (or 'lifetime') for Domain Validated (DV) or Organization Validated (OV) certificates from 39 months to 27 months (825 days).

You will no longer be able to order a 3-year certificate after February 20, 2018.

Important note: This is an industry-wide change required of all Certificate Authorities.

Moving forward, no Certificate Authority will be able to sell an SSL cert valid for more than 27 months. This is less than ideal, because long cert expiration dates are pretty handy for some of those secure-and-forget-about sites.