Apple unilaterally just reduced the maximum validity of HTTPS certificates in Safari to 15 months from 27 months. Not too long ago it was over 5 years. All this bit by bit increases the burden on the smaller independent non-commercial webmasters, who in the end just give up, which leads to further centralization of the web: it forces them to platforms, which take care of your "safety" (not just from MITM but usually also from "violating" content).
I ran an Apache site with 10000+ daily visitors for 10 years on my own SuSE box from home. Firewalled the box and only left ports 80, 443, 25 and 22 open. Only had to update recently when I replaced the box with a Raspberry Pi (I wonder how long the SD card will last).
I have ~5 Let’s Encrypt certs, with different web servers. (Some appliances, some Docker, and some OpenBSD).
One breaks for some different random reason every six months or so. Each time it happens, I spend hours reading Let’s Encrypt blog posts, source code in random languages I don’t care to learn, etc.
I just got a certificate expiry warning in my inbox for a fully patched machine with perfect uptime. It’s an unnecessary waste of time. For one thing, I don’t back up the certificates, so if the certificate is compromised, then the box that serves the content is also compromised.