Cert from LetsEncrypt for greater than 3 months?

How do I get a certificate for greater than 3 months ? Happy to pay.

Info is not easily found @ letsEncrypt.org ! Can the powers that be direct me to where I can find such info ?! ( Shut up and take my money :rofl::heart_eyes:)

You can't, not from Let's Encrypt.

Other CAs will be happy to sell you one, though :smiley:

1 Like

It's in the FAQ: FAQ - Let's Encrypt


You can get one from BuyPass Go for 180 days but everyone else (running free ACME services) is 90 days.

It also raises the question of why you want a long lived certificate? You should/must automate certificates used for production systems, so the lifecycle of the individual certificate shouldn't matter.



Up until recently the maximum and minimum certificate lifetime was 90 days.

Now there's a CA that allows you to ask for shorter lifetimes (less than three days is "discouraged").

@joe-oli tell us your needs, we might be able to help you.


Nothing fancy, in the same way I can get a 1 yr or 2 yr certificate from Digicert, that's what I am looking for; just want to install it on IIS (Windows WebServer) and be done with it for the year (or 2 years) - I don't know why everyone keeps saying "yeah automation is good, yeah 3 months is a good" Go and look at microsoft.com, or ibm.com, or redhat.com, the cert is for a full 1 year :stuck_out_tongue_winking_eye:

At the risk of (more) self promotion, have you tried https://certifytheweb.com - it'll do what you want with IIS but using 90 day certs that are auto renewed (other ACME clients are available).

You can indeed get 1 yr (or greater) certs via DigiCert, SSL.com etc but they are generally manually installed (they can be automated too, but people don't always bother with automation for long term certs).


Yeah ok thanks, I'll take a look at your suggested CA.
[EDIT: Ok, you are not a CA, you are selling an automation tool. All the best, but I'll do it manually]

1 Like

And Google uses a cert valid for less than 3 months, so what's your point? Exactly, what others do is not a very good argument if you'd ask me.

If you read the link in the FAQ item I posted earlier, you would have seen some arguments for short cert lifetime and, with that, automation: Why ninety-day lifetimes for certificates? - Let's Encrypt

Certify The Web also has a free version. If you don't like Certify the web, you can choose from a broad range of other ACME clients: ACME Client Implementations - Let's Encrypt



Have you seen google.com? facebook.com? mozilla.org? :smiley:

You know they make browsers and serve the biggest websites of the internet, right?


You actually can't get certificates for 2 years anymore; the general limit from any CA right now is currently 398 days (just over 1 year 1 month).


Correct. The CA/Browser Forum Baseline Requirements Documents (SSL/TLS Server Certificates)

Is clearly stated in 6.3.2 Certificate operational periods and key pair usage periods


What is your actual goal, though? I assume you're not trying to get a year-long certificate just to have a year-long certificate.

Oh yes, that is exactly what I am trying to do, set and forget. If it's good enough for microsoft.com, ibm.com, etc etc.. then it's good enough for me.

Trust me, automation is set it and forget. I setup my webserver ages ago and it automatically renews and reloads every 60 days like clockwork.

With automation it doesn't matter whether it's 90 days, 1 year, or 1 week. I haven't had to mess with certificates in ages beyond configuring it to get more, or no longer get ones I don't need anymore.


Please appreciate the following:

  • Manual one year cert after one year: "Darn, my website is down due to the expired cert, I forgot, now I have to manually renew it again!"
  • Automated cert, lifetime irrelevant, after 5 years: "Oh, I forgot it's there, because it just always renews automatically and I don't have to do anything about it."