Agreed. I have seen several cases were the recent short cert lifetime has made sites/services less secure as the devs either skip encryption entirely or are running with expired certificates. (I’m referring to small, seldom maintained or internal/non-public facing type projects where the goal is simply to not be using clear text)
Another example of this backfiring, I’ve seen several smaller sites/services make use of much more centralized SSL services (such as Cloudflare), just to avoid having to maintain the SSL certificate. (Whereas prior to the shorter expiration change, these would have been individual domain specific certificates.)
I’m aware that this does improve security in many cases as well.
Another example of this backfiring, I’ve seen several smaller sites/services make use of much more centralized SSL services (such as Cloudflare), just to avoid having to maintain the SSL certificate. (Whereas prior to the shorter expiration change, these would have been individual domain specific certificates.) I’m aware that this does improve security in many cases as well.