I understand the reasons for limiting a certificate to only 90 days however I manage windows systems and Sonicwall routers. Every three months I need to
0. Log in to go daddy and fiddle with the DNS
Log into my Linux server
Renew certificate
Export certificate
Convert PEM to PFX
Import Certificate to the device (harder then it sounds)
Assign updated certificate to be used
Log back in to Godaddy and change back to DNS
It is cool that we want to keep everything automated and once more operating systems are supported we should keep it at 90 days and have everything authenticate but for now can we make the certificates last one year please?
PS: Thank you so much for EVERYTHING you guys are doing. I think it is a wonderful initiative that will help keep the internet safer for everyone. YOU GUYS ROCK!
I read somewhere on one of these threads that even Google is starting to use 90 day certs on some of their systems, can’t for the life of me find that thread though.
Since that isn’t going to happen, you should post to https://community.letsencrypt.org/c/server-config with details of your workflow, and people will help you automate all or most of it. You should be using the DNS challenge so that you don’t have to change your router’s DNS to use the HTTP challenge every time.