Only matters for LE certs.
You can still buy 1 year certs
Comment on Decreasing Certificate Lifetimes to 45 Days
cron@feddit.org 2 days agoShort lifespans are also great when domains change their owner. With a 3 year lifespan, the old owner could possibly still read traffic for a few more years.
When the lifespan ist just 30-90 days, that risk is significatly reduced.
Appoxo@lemmy.dbzer0.com 1 day ago
cron@feddit.org 1 day ago
For 3 more months or so, you can’t buy them in april 2026 anymore
Appoxo@lemmy.dbzer0.com 1 day ago
oh? Damn
Zanathos@lemmy.world 1 day ago
They are going down to 200 day expiration in March 2026. You can still buy 5 year certificates today but you still need to reissue them in 365 day cadence.
probable_possum@leminal.space 23 hours ago
Moot point!
cron@feddit.org 21 hours ago
The maintainers of the big web browsers have pretty strict rules for CAs in this list. If any one of them gets caught issuing only one certificate maliciously, they are out of business.
And all CAs are required to publish each certificate in multiple public, cryptographically signed ledgers.
Sure, there is a history of CAs issuing certificates to people that shouldn’t have them (e.g. for espionage), but that is almost impossible now.