Extend Certificate lifetime to one year


#1

I understand the reasons for limiting a certificate to only 90 days; however, I manage Windows systems and SonicWall routers. Every three months I need to:

  0. Log in to GoDaddy and fiddle with the DNS
  1. Log into my Linux server
  2. Renew certificate
  3. Export certificate
  4. Convert PEM to PFX
  5. Import Certificate to the device (harder than it sounds)
  6. Assign updated certificate to be used
  7. Log back in to GoDaddy and change back to DNS

It is cool that we want to keep everything automated, and once more operating systems are supported we should keep it at 90 days and have everything authenticate, but for now can we make the certificates last one year, please?

PS: Thank you so much for EVERYTHING you guys are doing. I think it is a wonderful initiative that will help keep the internet safer for everyone. YOU GUYS ROCK!
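
Steps 3 and 4 of the list above (export the certificate, convert PEM to PFX) can be scripted on the Linux server with `openssl`. The following is an added example, not part of the original post and not Let's Encrypt tooling; the file arguments and the password-file convention are assumptions.

```shell
#!/usr/bin/env bash
# Added example: renewal check plus PEM -> PFX conversion for devices that
# only import PKCS#12. All paths passed in are the caller's (assumed) layout.

# needs_renewal CERT_PEM DAYS
# Returns 0 when the certificate expires within DAYS days.
needs_renewal() {
    local cert=$1 days=$2
    # -checkend N exits 0 if the cert is still valid N seconds from now.
    ! openssl x509 -in "$cert" -noout -checkend $(( days * 86400 )) >/dev/null
}

# pem_to_pfx FULLCHAIN_PEM KEY_PEM OUT_PFX PASSFILE
# Builds a PFX only if the private key matches the certificate.
pem_to_pfx() {
    local chain=$1 key=$2 out=$3 passfile=$4 cert_pub key_pub tmp

    # Compare the public key in the certificate with the one derived from
    # the private key, so a stale key is never bundled and shipped.
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # Write to a private temp file and rename, so a failed export never
    # leaves a half-written PFX where the import step would pick it up.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    chmod 600 "$tmp"
    # The password comes from a file, so it never shows in the process list.
    if openssl pkcs12 -export -in "$chain" -inkey "$key" \
            -out "$tmp" -passout "file:$passfile"; then
        mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

The resulting PFX contains the private key, so it and the password file should be readable only by the account that performs the import.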


#2

Wishful thinking, but I don’t think we are going to see any more than 90-day certs. Good reasoning and explanation here.

I read somewhere on one of these threads that even Google is starting to use 90-day certs on some of their systems; can’t for the life of me find that thread though.


#3

Since that isn’t going to happen, you should post to https://community.letsencrypt.org/c/server-config with details of your workflow, and people will help you automate all or most of it. You should be using the DNS challenge so that you don’t have to change your router’s DNS to use the HTTP challenge every time.


#4

👍 That’s on my own agenda too: to switch to a DNS challenge system.


#5

Please use the existing thread for any discussion regarding certificate lifetimes. Thanks!


#6