Originally Posted by
smontanaro
As someone who only recently created a TLS/SSL certificate for the first time (using Let's Encrypt), I was mildly surprised to find the certificate expires every 90 days. When perusing their FAQ, I noticed a question of short expiration times. Their response was that it's typical, and not specific to their (free) service. It appears website admins need to keep on top of this.
The primary reason the LE certs only last 90 days is because of their ease of acquisition and low hurdle of ownership. Once a cert is issued, there's no way to unring the bell so if someone is using the cert on a malicious site, that domain can be blacklisted when they try to renew the cert. With traditional SSL purchasing, it cost you quite a bit of money to purchase and the vetting process was more in depth so it was expected that legitimate sites would be the primary recipients of those.
Although 90 days is a short enough time period to make renewal a hassle, many hosts offer auto-renewal of these and for those that don't, there's scripts you can run on a server via cron at a set schedule to perform the update of the cert if your host supports it.