
Let's Encrypt to reduce certificate lifetimes

by jzb, from LWN.net (#71WDP)

Let's Encrypt has announced that it will be reducing the validity period of its certificates from 90 days to 45 days by 2028:

Most users of Let's Encrypt who automatically issue certificates will not have to make any changes. However, you should verify that your automation is compatible with certificates that have shorter validity periods.

To ensure your ACME client renews on time, we recommend using ACME Renewal Information (ARI). ARI is a feature we've introduced to help clients know when they need to renew their certificates. Consult your ACME client's documentation on how to enable ARI, as it differs from client to client. If you are a client developer, check out this integration guide.

If your client doesn't support ARI yet, ensure it runs on a schedule that is compatible with 45-day certificates. For example, renewing at a hardcoded interval of 60 days will no longer be sufficient. Acceptable behavior includes renewing certificates at approximately two thirds of the way through the current certificate's lifetime.

Manually renewing certificates is not recommended, as it will need to be done more frequently with shorter certificate lifetimes.
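
The scheduling advice quoted above can be checked against your own automation. The following is an added example, not code from Let's Encrypt or LWN: it derives the two-thirds renewal point from a certificate's validity dates and simulates, at day granularity, how a hardcoded 60-day interval and a lifetime-based policy behave with 90-day and 45-day certificates. All function names are hypothetical and the sample dates are constructed.

```python
"""Compare renewal policies against 90-day and 45-day certificates."""
import ssl
from datetime import datetime, timezone

# Constructed sample: `openssl x509 -noout -dates` output for a 45-day certificate.
SAMPLE_DATES = "notBefore=Jan  1 00:00:00 2028 GMT\nnotAfter=Feb 15 00:00:00 2028 GMT\n"

def parse_openssl_dates(text):
    """Return (not_before, not_after) as UTC datetimes."""
    fields = dict(line.split("=", 1) for line in text.strip().splitlines())
    def to_dt(value):
        return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)
    return to_dt(fields["notBefore"]), to_dt(fields["notAfter"])

def renew_at(not_before, not_after, fraction=2 / 3):
    """Renewal time derived from the certificate's own validity window."""
    return not_before + (not_after - not_before) * fraction

def fixed_interval(days):
    """Policy: renew once the certificate is `days` old, whatever its lifetime."""
    return lambda age, lifetime: age >= days

def lifetime_fraction(fraction=2 / 3):
    """Policy: renew once `fraction` of the lifetime has elapsed."""
    return lambda age, lifetime: age >= lifetime * fraction

def expired_days(lifetime, policy, check_every=1, horizon=360):
    """Simulate `horizon` days; count days served with an expired certificate."""
    issued, expired = 0, 0
    for day in range(horizon):
        # The renewal job only runs every `check_every` days (e.g. a cron entry).
        if day % check_every == 0 and policy(day - issued, lifetime):
            issued = day
        if day - issued >= lifetime:
            expired += 1
    return expired

if __name__ == "__main__":
    nb, na = parse_openssl_dates(SAMPLE_DATES)
    print("lifetime:", na - nb, "| renew at:", renew_at(nb, na).isoformat())
    for lifetime in (90, 45):
        print(f"{lifetime}-day cert, hardcoded 60-day interval:",
              expired_days(lifetime, fixed_interval(60)), "expired days")
        print(f"{lifetime}-day cert, two-thirds policy, weekly job:",
              expired_days(lifetime, lifetime_fraction(), check_every=7), "expired days")
```

In the simulation, the hardcoded 60-day interval leaves a 45-day certificate expired for 15 days of every cycle, while the lifetime-based policy never serves an expired certificate even when the renewal job runs only weekly.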
