<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<br>
<div class="moz-cite-prefix">On 2020-02-22 7:02 p.m., Phillip
Hallam-Baker wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAMm+LwgLjosGRqF_YqasZtfKxxjp-+bbvd1cW6HutRVK4iHHWA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">On Sat, Feb 22, 2020 at 8:08 PM John-Mark Gurney
&lt;<a href="mailto:jmg@funkthat.com" moz-do-not-send="true">jmg@funkthat.com</a>&gt;
wrote:<br>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Patrick Chkoreff wrote
this message on Sat, Feb 22, 2020 at 18:23 -0500:<br>
> Henry Baker wrote on 2/22/20 12:04 PM:<br>
> <br>
> > <a
href="https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/</a><br>
> ...<br>
> > We note Let's Encrypt issues free HTTPS
certificates that expire after<br>
> > 90 days, and provides tools to automate renewals,
so those will be<br>
> > just fine - and they are used all over the
web now.<br>
> <br>
> Yes, the auto-renewal works beautifully and eliminates
a world of<br>
> headaches. I suspect that Apple's move will accelerate
the adoption of<br>
> Let's Encrypt, now that everyone will have to renew
more often.<br>
<br>
Or at least force other CAs to adopt the ACME API to issue
certs.<br>
<br>
Overall, it's a good thing, and IMO, even 90 days is a bit
long. With<br>
automated renewal, 7-30 days is more than long enough.<br>
</blockquote>
<div><br>
</div>
<div class="gmail_default" style="font-size:small">With
automated renewal, limit validity to 7 days and renew daily.
No need for OCSP or CRLs.</div>
</div>
</div>
</blockquote>
Correct me if I'm wrong, but my ACME API can't automate the
auto-renewal for my email server if it doesn't have a web port open,
or my HP ILO servers for the management port, or the VPN servers
with other styles of lockdowns, .... other forms of automation are
thus required, at various levels of complexity.<br>
<br>
</body>
</html>