you already know I think domains and certificate authorities are shitcoins.
but with a cronjob doing auto renewal, I'm curious what bugs you about the length of time..
I mean, yeah, in a general sense, I share the same opinion about DNS. But it is the current system we have.
So DNS issues aside, at least the way that I see it, even though certificate authorities are already kind of a central point of failure, having a six-day certificate increases that single point of failure risk. If Let's Encrypt has an issue on the scale of something that the Internet Archive had where they're down for days or a week, hundreds of millions of sites will lose their certificates. Having a 90-day cert, even a 30- or 60-day cert, gives them some wiggle room in case something catastrophic happens.
maybe I just don't know how they work. but it was my impression that a verification request is sent to the certificate authority every time a connection is attempted. in that case, the length of the certification validity would be somewhat irrelevant as the validation request would fail because Let's Encrypt was down.