Let's Encrypt will decrease SSL certificate validity from 90 to 45 Days by 2028

Let's Encrypt will decrease SSL certificate validity from 90 to 45 Days by 2028

Let's Encrypt, operated by the Internet Security Research Group, has announced plans to reduce the validity period of its SSL/TLS certificates from 90 days to just 45 days by 2028. This shift means anyone relying on Let's Encrypt certificates will need to renew them twice as often as before.

This adjustment is part of an industry-wide move, as all publicly-trusted Certificate Authorities will be required to follow the CA/Browser Forum Baseline Requirements. These technical standards mandate shorter certificate lifespans, impacting organizations and website administrators across the globe.

The main driver behind this change is to improve internet security. Shorter certificate validity limits the time window for attackers to exploit a compromised certificate and enhances the effectiveness of certificate revocation processes. Following the change to certificate issuance, Let's Encrypt will also tighten its process for domain validation. The current 30-day authorization reuse period, which allows certificate issuance without re-checking domain control, will be reduced to just 7 hours by 2028.

To assist users in adapting, Let's Encrypt will implement these changes gradually in several stages. Additional details are available in the official announcement.

by Paul

du
cz
soul1472
ba
duttyend found this interesting
MORE ABOUT: #Certificate Authorities#Let's Encrypt
Let's Encrypt iconLet's Encrypt
  130
  • ...

Let's Encrypt is a Certificate Authority that simplifies the process of obtaining and managing SSL/TLS certificates for secure websites. By automating the certificate issuance and renewal process, it allows site operators to enable HTTPS with minimal effort using simple commands. Rated 4.3, Let's Encrypt supports SSL Certificates, SSL, and TLS, providing a streamlined solution for web security.

Related news

All news about Let's Encrypt »

External links

Comments

nns
-1

The "Turkey Tyranny" which is the Centralized CAs like Let's Encrypt icon Let's Encrypt above. Encryption on transmission is good, but never forget who issues the certificates as well. Let's Encrypt (sic) is Linux Foundation thing, and so Microsoft and the NSA controls it. Being based on the United States, He-Who-Must-Not-Be-Named can also censor it (1, 2.)

Dr. Andy Farnell debunked the myth of centralized CAs. Like I've said above, watch who issues the certificates. If you outsource it to a cabal/cartel of CAs, or one universal CA, you've fallen into a censorship trap disguised as "security", since a malicious site can also just request a free or paid certificate (some company are willing to sell it - easy money for just some random bytes). Speaking of CAs, they are nothing but Chat Control - serving the "Big Brother" and not you.

Transport Layer Security is fine, outsourcing them is not. Outsourced HTTPS is a monopoly which no one realizes, except Gemini (protocol). The Gemspace chose to self-sign instead because of this monopoly.

Lu9
-1

ah great, as if we didnt already have enough reasons to hate let's encrypt. "a certificate costs a whole kidney so let's help the poor internet user by making the free alternative absolutely awful Entirely On Purpose" - let's Not encrypt!

Gu