Can someone explain why letsencrypt certificates have to be 90 days expiry? I know there is automation available, but what is the rationale for 90 days?
Others have already given your answer, but heads up, LE is lowering the certificate lifetime to 45 days[0].
I’ve heard one rationale that it is short enough to force you to set up the automation, but I don’t know if this was actually a consideration or not.
You can just read their explanation: https://letsencrypt.org/2015/11/09/why-90-days
Tl;dr is to limit damage from leaked certs and to encourage automation.
It's so annoying. Eventually we will get to the point that every connection will have its own unique certificate, and so any compromised CA will be able to be “tapped” for a particular target without anybody else being able to compare certs and figure it out.
The best computer possible on Earth today can crack it in 91 days in the best case for him.