Why? It's just a couple automated HTTP requests to renew a cert.
Discussion
Because a six day cert is ridiculous. If they get DDoSed and go out of service for more than a day, several million websites will lose SSL certs.
Something along the line of like 500 million websites use Let's Encrypt. It creates a single point of failure for certificate issuance.
I could maybe, maybe, maybe see the use case for like a 30-day cert or something like that, but it just creates more work on their end. To move to a six-day cert, it makes no sense.
I guess I don't see it as a big deal because my certificate lifetime has been set to 24 hours for a few years now. Then again, I also run my own private CA, so I'm not worried about being DoSed.
Plus, if my certs ever were to expire, it's not like I'm going to lose millions of dollars in revenue for every hour of downtime or anything like that. Thanks for explaining your perspective.
Wait a second, you can run your own private CA and it doesn't come off as a self-signed cert?
That I'm interested in.
Get ready to be disappointed. The only reason it doesn't come up as untrusted (for me) is because I've added my CA to my list of trusted CAs. So I only do this with internal services (local HTTPS services, SSH, etc.). The services are not just available to me, but I know all the users personally and they're all willing to install my CA.
For any public service, you're stuck with getting a cert from someone in the default list that ships with Firefox, Chrome, the O/S, Java, etc. That is, unless you are in a situation where you can get your clients/visitors to install your CA.
My public services use Let's Encrypt like most everyone else.
Ah darn, OK. I knew you could install your own root CA and use your own SSL certs in your own systems. I do that already. I thought you were talking about somehow running a private CA that works for public things.