please increase certificate lifetime to 365 days 90days is not sufficient.
2 Likes
less pros and more cons ,in fact those pros are meaningless.
It’s also meaningless to begin the discussion all over again here… I’d suggest you’d take @jsha advices in consideration and a) like the first post in the discussion mentioned above if you’d want longer certificate lifetimes and possibly b) engange constructively in the discussion itself.
When an attacker compromises a certificate's private key, they may bypass revocation checks42 and use that certificate until it expires. Shorter lifetimes decrease the compromise window in situations like Heartbleed16.
Howmany private keys are reported stolen so far? they want everyone suffer for 0.000000000000000000000000000000000000000000001% incident ?
Offering free certificates with a shorter lifetime provides
encouragement for operators to automate issuance. Automated issuance
decreases accidental expiration, which in turn may reduce
warning-blindness in end-users.
no it gives only headache and tension, webmasters don't want their site visitors see site not secure warning because of ssl expiry.
Let's Encrypt's total capacity is bound by its OCSP signing capacity, and LE is required to sign OCSP responses for each certificate until it
expires. Shorter expiry period means less overhead for certificates
that were issued and then discarded, which in turn means higher total
issuance capacity.
so literally LE wants every website visitors see site not secure warning after 90 days? if its a capacity problem how other ssl authority offering ssl certicate for 1year 2 year ....5 years 10years
2 Likes
Please use the existing thread for this topic, thanks.