There is no compelling reason to lock the certificate lifetimes to 90 days (or any other period) that will pass scrutiny.
First, training people to automate so they will not forget how to do things is the antithesis of what is being promoted. Once automated how to process the task will definitely be a forgotten skill. The choice of 90 days could have then been 45 days or any other random number that could be sold to a gullible client base based on fear-mongering. This reason for selecting 90 days is not convincing and does not have an open rationale.
EDIT: I did forget to mention that once renewal is automated the administrators no longer need to be at the helm the number of unattended certificates WILL increase rather than expire when no longer maintained through human intervention.
Selecting a default period that forces automation does not explain why other periods will not be available. I think 90 days as a default is probably quite practical for most use cases.
Certain tasks may by design or convenience do better with a longer or a shorter (revoking is often a possible workaround) period and should be accommodated. Some things will not lend themselves to regular supervision, imagine your certificates expire while on the way to Mars in hibernation and the wakeup command cannot be authenticated.
Lack of flexibility in the matter has to be assumed to be due to sponsor pressure and could explain the number of sponsors who want the appearance of a free CA but are happy to have a limited or crippled service.
With the pace of the internet many certificates may no longer be needed 39 months (as provided by some other CA) from now and would never come up for renewal.
One concern that I have not seen addressed is the increasing amount of coded traffic that the periodic (and reasonably predictably timed) refreshing of the certificates will cause to leak to and from the CA and the client. Unexpected data and meta-data may pass that does not need to that may be giving opportunity to eavesdroppers to track activity, this alone should give pause to anyone using a cryptographic system or application of any sort that has arbitrary limits placed on end users that do not ring true. If the system insisted that all certificates were between 1 and 38 months plus rand(700) hours (and then automatically refreshed with the client software as promoted) it would make me suspect much more good faith. Does it quack like a duck?
If any free service is limited by decisions made against user interests it must be assumed that people (actual individuals, seldom does a complete group need to be compromised) in leadership positions have been coerced into promoting the party line, there can be no other logical conclusion and the service must be used within these limitations.
@paulxx Mentions some similar thoughts above. Mostly he also said the customer should be the one to decide.
I hope my cynicism is misdirected and the problem will be resolved flexibly. I also apologise if any persons in authority in this project feel I have imputed that they are not free of possible bowing to pressure, but sadly the easiest way to subvert any important system with leaders is through the leaders.