5 points | by nickf 12 hours ago ago
2 comments
A phased approach to reducing the validity of TLS server certificates over the next two or three years, ending at a 45-day certificate lifetime by early 2027.
Letsencrypt wildcard certs are valid for 30 days, and regular certs are valid for 90 days but they recommend renewing them after 60 days.
Cert validity intervals directly affect the storage and bandwidth requirements for CT logs, which should be replicated.
Does anyone serve the CT Certificate Transparency logs for checking by browsers?
A phased approach to reducing the validity of TLS server certificates over the next two or three years, ending at a 45-day certificate lifetime by early 2027.
Letsencrypt wildcard certs are valid for 30 days, and regular certs are valid for 90 days but they recommend renewing them after 60 days.
Cert validity intervals directly affect the storage and bandwidth requirements for CT logs, which should be replicated.
Does anyone serve the CT Certificate Transparency logs for checking by browsers?