1. Forum
  2. tqwNet
  3. TQW LINUX

  • Let's Encrypt to reduce certificate lifetimes

    From LWN.net@1337:1/100 to All on Tuesday, December 02, 2025 15:45:07
    Let's Encrypt to reduce certificate lifetimes

    Date:
    Tue, 02 Dec 2025 15:37:09 +0000

    Description:
    Let's Encrypt has announced that it will be reducing the validity period of its certificates from
    90 days to 45 days by 2028: Most users of Let's Encrypt who automatically issue certificates
    will not have to make any changes. However, you should verify that
    your automation is compatible with certificates that have shorter
    validity periods. To ensure your ACME client renews on time, we recommend using ACME
    Renewal Information (ARI) . ARI is a feature we've introduced to help
    clients know when they need to renew their certificates. Consult your
    ACME client's documentation on how to enable ARI, as it differs from
    client to client. If you are a client developer, check out this integration guide . If your client doesn't support ARI yet, ensure it runs on a
    schedule that is compatible with 45-day certificates. For example,
    renewing at a hardcoded interval of 60 days will no longer be
    sufficient. Acceptable behavior includes renewing certificates at
    approximately two thirds of the way through the current certificate's
    lifetime. Manually renewing certificates is not recommended, as it will need
    to be done more frequently with shorter certificate lifetimes.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1048976/


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)