The 90 day issuance policy

ITI · May 4, 2018, 4:52pm

Hello

I read in a post that the 90 day issuance policy is hard coded in.
I’m curious as to why such a short term since a year is often minimal.

Is Let’s Encrypt only intended to be a short term solution to a paid cert?

Just wondering?

Thanks
Glen

mnordhoff · May 4, 2018, 5:08pm

On the contrary, manually renewing certificates every 1 or 2 years is a hassle, but automatic renewal lasts forever, regardless of the lifetime of individual certificates. (As long as it doesn’t break.)

The goal is to make security more common, more reliable and more, er, secure. People can, and do, use Let’s Encrypt for the long haul. It’s not intended to only be a short term stopgap.

Of course, it’s a trade-off. If automation is expensive or impossible in your environment, it might be best to use other procedures, or another CA. Perhaps while working towards more automation – with any CA – in the long term.

ITI · May 4, 2018, 5:27pm

Thank you, I appreciate the explanation.
Glen

system · June 3, 2018, 5:27pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Maximum (and minimum) certificate lifetimes? Issuance Policy	244	83457	November 30, 2015
Pros and cons of 90-day certificate lifetimes Issuance Policy	452	96092	October 23, 2018
SSL certificate validity more time required, more than 90 days Feature Requests	9	11910	July 28, 2021
90 days is too short. Automatic renewal is silly idea Feature Requests	10	10081	July 26, 2018
Lifetime greater than 90 days Help	3	3362	January 5, 2018

The 90 day issuance policy

Related topics