Saturday, February 8, 2025

Certificates

Web server certificates used to last for three years, I recall. Our network administrator would send a request to GoDaddy, get back a certificate, and it would be up to others of us to install it, possibly with some change of format, on the assorted servers. I thought that the three-year span was convenient. It gave one enough time to forget the procedures, but with proper documentation that didn't matter.

At some point, GoDaddy shortened the life of certificates to one year. That was tolerable. Last year, I read that the standard length of certificates would be three months, and so it is. This is great if you can set up Let's Encrypt with the HTTP challenge, and let the certbot take over. If you can't, then life becomes somewhat more complicated. I suppose that we will figure out the DNS challenge instead. But I wish we didn't have to. Is it really plausible to suppose that a certificate can be defeated in one year but not in three months? And there are proposals to shorten the lifetimes still further. Oh, dear.