On the old thread there was some software mentioned (just take OpenVPN here). But I think this is useless, as then the next argument is one of the following:
- this software is only rarely used or in special environments
- it’s just a few seconds of downtime six to nine times a year
- this is old software, the new version can be reloaded w/o restarting
- right now it cannot reload w/o breaking connection, but a new version will be developed which can do it
But these are spurious arguments and don’t help. Just take (certified) appliances where you cannot easily deploy new software or the vendor won’t implement LE. Automation is very error-prone there. A perfect solution could be to use 90 days or below (on user request) for places where automation is possible, but also allow requesting longer valid certificates where automation isn’t easily possible or even impossible. But that’s also stated in this thread several times…
If the decision is 90 days and that’s it, period, ok, then LE isn’t the CA of choice for you. That’s sad, as this contradicts the LE goal of “let’s encrypt everything”, but it’s their decision, whether we like it or not.
I think by stating that goal LE sparked hopes that this is the one CA which will solve all our problems (also see the discussions on certificates for IPs and wildcard certificates)…