F-Droid site certificate expired

Because those ephemeral LE certificates are such a great idea...

It is, if your objective is to closely centralize the web. If you make https mandatory, via scare tactics, only people with certificates will have websites. If you make ephemeral certificates mandatory by taking advantage of a monopoly, then only big SSL providers who can afford it will survive.

Then, when you have only two or three big SSL providers, it's way easier to shut someone off by denying them a certificate, and see their site vanish in mere weeks.

You don't need short expirations for that. CRLs/OCSP already provided a mechanism for certificates to be revoked before they expire.

However, short expirations severely limit the damage an attacker can do if they steal your private key.

And they avoid the situations where an organization simply forgets to renew a cert, because automating something so infrequent is genuinely difficult from an organizational standpoint. Employees leave, calendar reminders go missing, and yeah.

CRLs are becoming bulky, and OCSP have some privacy implications (telling the CA which websites you visit), plus most browsers are set to soft fail if there's an outage and the request can't be made instead of a hard fail and making the website inaccessible, reducing the security and usefulness of OCSP.

Short-lived certificates fixes these issues from an end-user standpoint.

Is it possible that one day certificate expiration will be a thing of the past?