this post was submitted on 02 Dec 2025
446 points (98.9% liked)

Selfhosted

53294 readers
1075 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
446
Decreasing Certificate Lifetimes to 45 Days (letsencrypt.org)
submitted 2 days ago by artiman@piefed.social to c/selfhosted@lemmy.world
188 comments fedilink hide all child comments
 

Let’s Encrypt will be reducing the validity period of the certificates we issue. We currently issue certificates valid for 90 days, which will be cut in half to 45 days by 2028.
This change is being made along with the rest of the industry, as required by the CA/Browser Forum Baseline Requirements, which set the technical requirements that we must follow. All publicly-trusted Certificate Authorities like Let’s Encrypt will be making similar changes. Reducing how long certificates are valid for helps improve the security of the internet, by limiting the scope of compromise, and making certificate revocation technologies more efficient.

you are viewing a single comment's thread
view the rest of the comments
[–] CrabAndBroom@lemmy.ml 14 points 1 day ago (4 children)

I'm trying to think of the last time I heard news about something to do with the internet getting better instead of worse, and I'm genuinely coming up blank.

[–] vzqq@lemmy.blahaj.zone 3 points 23 hours ago

Make no mistake: this is an improvement.

There are substantial unsolvable issues with long lived certificates, and automatic deployment of very short lived certificates is the way to solve them.

Plan for certificate validity of six days in a few years.

[–] eclipse@lemmy.world 6 points 1 day ago (1 children)

Automated certificates are relatively new and pretty neat. Killing off the certificate cartels is an added bonus.

[–] dogs0n@sh.itjust.works 2 points 1 day ago

Yeah, I think Letsencrypt (and others) are one of the best things to happen for the internet.

You used to have to cough up a good chunk of monies for a certificate.

Now it's easily accessible and you (i) never have to think about it after the first setup because a robot automatically renews expiring certificates for me.

Generally this is one of the best improvements: a more secure web that is easier to achieve.

[–] nialv7@lemmy.world 10 points 1 day ago

Wait, how's this worse? This makes the Internet safer by reducing the window a leaked key can do harm.

[–] Korhaka@sopuli.xyz 3 points 1 day ago

Let's all just start self signing in protest