this post was submitted on 15 Apr 2025
134 points (97.9% liked)

Sysadmin

8856 readers
44 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
134
TLS Certificate Lifetimes Will Officially Reduce to 47 Days (in 2029) (www.digicert.com)
submitted 1 week ago by [email protected] to c/[email protected]
35 comments fedilink hide all child comments
 

From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.

As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.

As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.

As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

What's everyone's opinion on this? I think from a security standpoint their reasoning is valid and in many cases it's very easy to automate the renewal with ACME or something else. But there's likely gonna be legacy stuff still around in 2029 that won't be easy to automate.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 6 points 1 week ago (1 children)

My little corner of the business has started migrating our certs to let's encrypt.

Hope it catches on else where

[–] [email protected] 1 points 1 week ago (2 children)

I am a little concerned about the fact that Let's encrypt is a centralized service subject to outages. What would happen if they we either breached or had a several day issue.

If you are in the cloud you can use the cloud provided certs

[–] WhyJiffie 2 points 1 week ago (1 children)

and I'm a little more concerned about the fact that Let's Encrypt has lost its funding recently

[–] [email protected] 1 points 1 week ago

Out of the 2 scenarios this is the more immediate concern for me

[–] [email protected] 1 points 1 week ago

This is always a concern however we were recently stung by the dicicert revocation thing. Spending a night changing thousands of certs was not fun