On the subject of automation... specifically, why automation is such a big part of the LE mission.
This issue has two sides: support and security.
With respect to support, I suspect that the folks who conceived of this project saw automation as a solution to a very basic problem for a free CA: how to support a large number of users with no staff. That is to say, LE is currently (and probably always will be) a very small organization. They don't have staff to support users. So I imagine that their hope is that by building a community of users for whom everything is automated, then the need for active, live support staff will be limited.
And the other side of the coin is security: specifically, how to maximize the security of their systems. A short certificate lifetime has a very basic security advantage: if something gets compromised, you don't have to wait long before browsers start rejecting the cert, even if no action is taken (FWIW, this is the same reason why credit cards have expiration dates). However, as so many have pointed out in this thread, a short cert lifetime is a major pain in the you-know-what. For these folks, a longer lifetime is going to be necessary to avoid that pain. But at the same time, these folks are going to miss out on the security benefits of a shorter lifetime.
Now, I'm not affiliated with LE in any way. I'm not even in the beta program - I'm waiting for the public beta (and to get the project I'm working on into a state where it's ready to deploy). But the reasoning for the decisions that have been made seems clear to me:
If you can build a community of users who are automating certificate renewals (to reduce or eliminate the need for support), you can also implement short cert lifetimes and thereby improve security.
Is automation going to work for every use case? No, certainly not. Is the security improvement gained from short cert lifetimes substantial? I don't know - I'd love to hear what others think on this point.
In the end, all we can do is individually determine if LE will meet our needs. We can, of course, continue to push for changes to their policies. I suspect that, in the short term at least, requests for longer cert lifetimes will be refused because of the rationale I've described here.