1.1.9 Consider Short-Lived Certificates
As of 2025, we have another useful security tool to add to our arsenal—certificates that are valid for such a short period of time that they don’t incorporate any revocation information. These are called short-lived certificates. You should consider using these certificates for your most important properties as they provide the best security.
Longer-life certificates come with two problems: (1) they force you to use the backing private keys for a longer period of time and (2) they could be weaponized for a longer period of time if stolen. The latter problem was supposed to be solved using revocation, but that’s never worked properly and is being abandoned, at least for public certificates. Short-lived certificates have always been a good idea, but they especially make sense now, in a world where issuance automation is widespread.
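The following added example (not part of the original guide) audits a certificate for the properties discussed above: its total lifetime, how long a stolen key would remain usable if revocation cannot be relied on, and whether it carries CRL or OCSP pointers. The names `Audit`, `Report` and `SampleCert`, the 7-day threshold and the `example.test` certificates are assumptions made up for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Report summarises what matters when revocation cannot be relied on.
type Report struct {
	Lifetime       time.Duration // NotAfter minus NotBefore
	Exposure       time.Duration // how long a key stolen at `now` stays usable
	RevocationInfo bool          // certificate carries CRL or OCSP pointers
	ShortLived     bool          // Lifetime is within the policy threshold
}

// Audit checks cert against maxLifetime, a caller-chosen policy value (assumption).
func Audit(cert *x509.Certificate, now time.Time, maxLifetime time.Duration) Report {
	r := Report{Lifetime: cert.NotAfter.Sub(cert.NotBefore)}
	if now.Before(cert.NotAfter) {
		r.Exposure = cert.NotAfter.Sub(now)
	}
	r.RevocationInfo = len(cert.CRLDistributionPoints) > 0 || len(cert.OCSPServer) > 0
	r.ShortLived = r.Lifetime <= maxLifetime
	return r
}

// SampleCert builds a constructed, self-signed certificate to feed the audit offline.
func SampleCert(notBefore time.Time, life time.Duration, crl []string) *x509.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { panic(err) }
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example.test"},
		NotBefore: notBefore, NotAfter: notBefore.Add(life), CRLDistributionPoints: crl}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil { panic(err) }
	cert, err := x509.ParseCertificate(der)
	if err != nil { panic(err) }
	return cert
}

func main() {
	t0, day := time.Date(2025, 1, 1, 0, 0, 0, 0, time.UTC), 24*time.Hour
	fmt.Printf("%+v\n", Audit(SampleCert(t0, 6*day, nil), t0.Add(day), 7*day))
	fmt.Printf("%+v\n", Audit(SampleCert(t0, 90*day, []string{"http://crl.example.test/ca.crl"}), t0.Add(day), 7*day))
}
```

One day after issuance, the 6-day certificate leaves a stolen key usable for 5 more days, while the 90-day certificate leaves it usable for 89 days and depends on its CRL pointer actually being checked.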