[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Apr 17 22:52:29 EDT 2025
Stephen Farrell writes:
>Is that correct for LE? IIUC their (good) argument for 90 days is to force
>automation of renewal, and failing to renew/expiry was a much more frequent
>problem before LE started doing 90 day certs in 2015.
>
>It's very unclear to me that moving from 90 to 47 days would improve anything
>though, so I'm not sure what the logic there is.
That sounds like an operational issue rather than a security issue, and as you
say the move to 47 days has no obvious justification beyond rounding up twice
the usual number of suspects.
Or at least twice plus some sort of rounding error for the extra two days.
Peter.