When an attacker compromises a certificate’s private key, they may bypass revocation checks and use that certificate until it expires. Shorter lifetimes decrease the compromise window in situations like Heartbleed.
How many private keys have been reported stolen so far? They want everyone to suffer for a 0.000000000000000000000000000000000000000000001% incident?
Offering free certificates with a shorter lifetime provides
encouragement for operators to automate issuance. Automated issuance
decreases accidental expiration, which in turn may reduce
warning-blindness in end-users.
No, it gives only headache and tension; webmasters don’t want their site visitors to see a "site not secure" warning because of SSL expiry.
Let’s Encrypt’s total capacity is bound by its OCSP signing capacity, and LE is required to sign OCSP responses for each certificate until it
expires. Shorter expiry period means less overhead for certificates
that were issued and then discarded, which in turn means higher total
So literally LE wants every website's visitors to see a "site not secure" warning after 90 days? If it's a capacity problem, how are other SSL authorities offering SSL certificates for 1 year, 2 years … 5 years, 10 years?