All Topics
All Topics
Technology
Technology
Design
Design
Programming
Programming
Science
Science
News
News
Gaming
Gaming
Entertainment
Entertainment
Business
Business
Finance
Finance
Sports
Sports
Health
Health
Food
Food
Travel
Travel
Art
Art
Music
Music
Books
Books
Education
Education
Politics
Politics
Personal
Personal
No algorithm. No AI slop. No ads. Just RSS. Pro-human. Indie writers. Real journalism. Open web. Chronological. Hand toasted.

Let's Encrypt to Reduce SSL Certificate Validity from 90 to 45 Days by 2028

By

abraham

6mo ago· 4 min readenNews
Bagel score 85 of 100
85/100
Golden Brown
Bagelometer

The bagel they save for the regulars. Don't skim, savour.

Score85TypenewsSentimentneutral

Summary

Let's Encrypt will reduce SSL/TLS certificate validity periods from 90 days to 45 days by 2028, following industry-wide requirements from the CA/Browser Forum Baseline Requirements. This change applies to all publicly-trusted Certificate Authorities and aims to improve internet security by limiting compromise scope and making certificate revocation more efficient.

Key quotes

· 4 pulled
Let's Encrypt will be reducing the validity period of the certificates we issue. We currently issue certificates valid for 90 days, which will be cut in half to 45 days by 2028.
This change is being made along with the rest of the industry, as required by the CA/Browser Forum Baseline Requirements, which set the technical requirements that we must follow.
All publicly-trusted Certificate Authorities like Let's Encrypt will be making similar changes.
Reducing how long certificates are valid for helps improve the security of the internet, by limiting the scope of compromise, and making certificate revocation technologies more efficient.
Snippet from the RSS feed
Let’s Encrypt will be reducing the validity period of the certificates we issue. We currently issue certificates valid for 90 days, which will be cut in half to 45 days by 2028. This change is being made along with the rest of the industry, as required by

You might also wanna read

Phishing Campaign Targets Signal Users by Stealing Backup Recovery Keys

A new wave of phishing attacks is targeting Signal users by impersonating the app's support team. Hackers send messages inside Signal claimi

cybersecuritynews.com·30m ago

New phishing campaign targets Signal users to steal chat backup recovery keys

Hackers are targeting Signal users in a new phishing campaign that attempts to steal their chat backups. The attackers pose as Signal's supp

techcrunch.com·36m ago

Weekly cybersecurity roundup: FortiClient EMS infostealer, Trend Micro Apex One exploit, and crypto payment security

A weekly roundup of cybersecurity news, featuring an interview with Coinflow's CISO about crypto payment security under AI-driven threats, c

helpnetsecurity.com·2h ago

CISA Adds Palo Alto Networks PAN-OS Authentication Bypass Vulnerability to Known Exploited Vulnerabilities Catalog

CISA has added a new vulnerability (CVE-2026-0257) to its Known Exploited Vulnerabilities (KEV) Catalog, affecting Palo Alto Networks PAN-OS

cisa.gov·5h ago

CISA Adds Palo Alto Networks PAN-OS Authentication Bypass Vulnerability to Known Exploited Vulnerabilities Catalog

CISA has added a new vulnerability (CVE-2026-0257) to its Known Exploited Vulnerabilities (KEV) Catalog, affecting Palo Alto Networks PAN-OS

cisa.gov·5h ago

Microsoft warns of crypto mining malware disguised as fake downloads of popular PC utilities

Microsoft's Windows Defender team has uncovered a cryptocurrency mining campaign targeting PC enthusiasts. Scammers are manipulating search

techspot.com·13h ago