Comment on Decreasing Certificate Lifetimes to 45 Days
JASN_DE@feddit.org 7 hours agoSo what’s the floor here realistically, are they going to lower it to 30 days, then 14, then 2, then 1?
LE is beta-testing a 7-day validity, IIRC.
Will we need to log in every morning and expect to refresh every damn site cert we connect to soon?
No, those are expected or even required to be automated.
dan@upvote.au 7 hours ago
7-day validity is great because they’re exempt from OCSP and CRL. Let’s Encrypt is actually trying 6-day validity, not 7: letsencrypt.org/2025/01/16/6-day-and-ip-certs
Another feature Let’s Encrypt is adding along with this is IP certificates, where you can add an IP address as an alternate name for a certificate.
JASN_DE@feddit.org 7 hours ago
Ah, well. I only remembered something about a week.