The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.
Exactly. Setting up Let’s Encrypt is really easy, and once it’s set up, you don’t have to think about it.
I did it for self-hosted stuff, and it’s trivial. You can even do DNS challenge auth instead of HTTP and you don’t need to have port 80 open at all, but you do need a login token for your DNS host for the script.
The first one will probably take an hour or two if it’s your first time, and after that, it’s maybe 5 min per site.
I have mine check daily, which is the default and is recommended. It only actually updates when it’s close to renewal, so I never need to care how short the renewal period is.
Exactly. Setting up Let’s Encrypt is really easy, and once it’s set up, you don’t have to think about it.
I did it for self-hosted stuff, and it’s trivial. You can even do DNS challenge auth instead of HTTP and you don’t need to have port 80 open at all, but you do need a login token for your DNS host for the script.
The first one will probably take an hour or two if it’s your first time, and after that, it’s maybe 5 min per site.
That’s what I thought. And now I need to figure out how to update it for 47 day cycles.
I have mine check daily, which is the default and is recommended. It only actually updates when it’s close to renewal, so I never need to care how short the renewal period is.