this post was submitted on 15 Apr 2025
132 points (97.8% liked)

Sysadmin

8897 readers
7 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world

founded 2 years ago
MODERATORS
DarraignTheSane@lemmy.world
00Lemming@lemmy.world
L3s@lemmy.world
132
TLS Certificate Lifetimes Will Officially Reduce to 47 Days (in 2029) (www.digicert.com)
submitted 2 weeks ago by JRaccoon@discuss.tchncs.de to c/sysadmin@lemmy.world
35 comments fedilink hide all child comments
 

From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.

As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.

As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.

As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

What's everyone's opinion on this? I think from a security standpoint their reasoning is valid and in many cases it's very easy to automate the renewal with ACME or something else. But there's likely gonna be legacy stuff still around in 2029 that won't be easy to automate.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] prime_number_314159@lemmy.world 2 points 2 weeks ago (1 children)

The browser warning appears even for a cert issued by a non public CA you have told your browser to trust, and most browsers already enforce a 398 day limit, so unless you have cooperative users, you're already (effectively) capped at 1 year of validity.

[โ€“] lud@lemm.ee 1 points 2 weeks ago

No, that's fortunately not correct. TLS certificates issued by our CA are valid for 2 years and that works perfectly fine in all the browsers I have ever used.