Six day and IP address certificate options in 2025

(letsencrypt.org)

197 points SGran | 1 comments | 16 Jan 25 15:36 UTC | HN request time: 0.331s | source

Show context

rickette ◴[16 Jan 25 19:32 UTC] No.42729799[source]▶

Kinda funny to call the current 90 day certs "long lived". When Let's Encrypted started out more than 10 years ago most certs from major vendors had a 1 year life span. Let's Encrypt was (one of) the first to use drastically shorter life spans, hence all the ACME automation effort.

replies(3): >>42730254 #>>42730324 #>>42735256 #

ryandrake ◴[16 Jan 25 20:10 UTC] No.42730254[source]▶

>>42729799 #

To someone like me with hobby-level serving needs, the 90 day certificate life is pretty inconvenient, despite having automation set up. I run a tiny VPS that hosts basic household stuff like e-mail and a few tiny web sites for people, and letsencrypt/certbot automation around certificate renewal is the only thing that I seem to need to regularly babysit and log in to manually run/fix. Everything else just hums along, but I know it's been 90 days because I suddenly can't connect to my E-mail or one of the web virtual hosts went down again. And sure enough, I just need to run certbot renew manually or restart lighttpd or whatever.

replies(16): >>42730288 #>>42730534 #>>42730907 #>>42731093 #>>42731446 #>>42731761 #>>42731830 #>>42731926 #>>42731977 #>>42732175 #>>42732403 #>>42732552 #>>42733057 #>>42733861 #>>42734330 #>>42735479 #

1. MaKey ◴[16 Jan 25 22:42 UTC] No.42731830[source]▶

>>42730254 #

> [...] despite having automation set up.

Clearly it's not working correctly, so a longer certificate lifetime wouldn't address the root cause - you would just have to fix your setup less often.

↑