The 90 day issuance policy



I read in a post that the 90 day issuance policy is hard coded in.
I’m curious as to why such a short term since a year is often minimal.

Is Let’s Encrypt only intended to be a short term solution to a paid cert?

Just wondering?



On the contrary, manually renewing certificates every 1 or 2 years is a hassle, but automatic renewal lasts forever, regardless of the lifetime of individual certificates. (As long as it doesn’t break.)

The goal is to make security more common, more reliable and more, er, secure. People can, and do, use Let’s Encrypt for the long haul. It’s not intended to only be a short term stopgap.

Of course, it’s a trade-off. If automation is expensive or impossible in your environment, it might be best to use other procedures, or another CA. Perhaps while working towards more automation – with any CA – in the long term.


Thank you, I appreciate the explanation.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.