Currently I support longer expiry, although it's entirely possible my view may change.
The issue I have right now is that I am not keen on non-interactive certificate cycling; if an error occurs during a swap-out of certificates it can have very bad consequences.
In addition, this also means having a very short HPKP lifetime to allow time between the short warning of upcoming expiry from Let's Encrypt and new certificate deployment.
It is good that Let's Encrypt has encouraged me to write scripts to automate certificate tasks, such as creating CSRs and copying certificates to production configurations, but I am only OK running these scripts interactively at the moment, not via crontabs. There is also the matter that certain software, such as DirectAdmin, is designed to be interactive only for installing certificates, expecting the certificate to be pasted into the UI by the end user. If the UI is bypassed and the certificate is copied directly to the configuration folder, it is reverted when DirectAdmin next updates its templates.
So in the long term I think automated deployment is a good thing, but I think these very short expiries are too soon. I would think it's better to start off at 12 months and then reduce it progressively every couple of years, so e.g. in 2 years 6 months, then 2 years after that 3 months.
Also, a final note: the official Let's Encrypt tool doesn't work properly on my FreeBSD servers and I am using an unofficial one which doesn't do any auto-installing; it just generates the cert (hence me writing scripts), so this doesn't help matters either.
For sure, the email alerts for expiring certs need to be at 30-45 days, not 17 days.
I hope my feedback is helpful.
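As an added example, not part of the original post and not Let's Encrypt's or DirectAdmin's tooling: a small POSIX sh check that flags deployed certificates inside a configurable warning window (30 days by default, the kind of lead time the post asks for), built on `openssl x509 -checkend` so it behaves the same on FreeBSD and Linux without relying on date(1) parsing. It assumes openssl(1) is on PATH; the file names are hypothetical and the self-signed certificate produced by `make_test_cert` is a constructed fixture for trying the check, not a production cert.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes openssl(1) is installed;
# file names are hypothetical. Uses openssl's own -checkend test so the result
# does not depend on GNU vs BSD date(1) behaviour.

set -eu

# Exit 0 if the PEM certificate in $1 expires within $2 days, 1 otherwise.
# `openssl x509 -checkend N` exits non-zero when the cert expires within N
# seconds. An unreadable or already-expired cert also lands in the "expiring"
# branch, which is the safe direction for an alerting check.
cert_expires_within() {
    cert="$1"
    days="$2"
    if openssl x509 -noout -in "$cert" -checkend $((days * 86400)) >/dev/null 2>&1; then
        return 1   # still valid beyond the window
    fi
    return 0       # inside the window, expired, or not parseable
}

# Report every certificate given; exit 1 if any is inside the window so a
# cron/periodic job can mail on non-zero status. WARN_DAYS overrides the window.
check_certs() {
    warn_days="${WARN_DAYS:-30}"
    status=0
    for cert in "$@"; do
        if cert_expires_within "$cert" "$warn_days"; then
            printf 'WARNING: %s expires within %s days\n' "$cert" "$warn_days"
            status=1
        else
            printf 'ok: %s (valid for more than %s days)\n' "$cert" "$warn_days"
        fi
    done
    return "$status"
}

# Constructed fixture only: self-signed cert at path $1 valid for $2 days,
# with its key written next to it as $1.key.
make_test_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=example.test' \
        -days "$2" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Stand-alone use: sh certcheck.sh /usr/local/etc/ssl/*.pem
if [ "$#" -gt 0 ]; then
    check_certs "$@"
fi
```

Run it from cron or periodic(8) with the paths of the certificates actually served, and mail on non-zero exit; set `WARN_DAYS=45` to match the upper end of the window the post suggests.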