@evan not necessarily disagreeing, but short lived certs (they have 6 day ones now!) basically render most of the hassle of cert revocation pointless - by the time you discover something happened and that you should revoke the cert, it has only short period of validity left, so either you don't have to bother with it at all, or you need to keep it on the list only for short time.
Also, yeah, forcing automation, which makes rotation pretty painless, as opposed to the big yearly event.

My theory is that the 90-day time limit on Let's Encrypt SSL certs was an intentional anti-feature to make the whole system acceptable to the commercial cert providers who could use the convenience of a year-long or multi-year cert as a selling point.

@evan I think the purpose was to force people to set up automation. Setting up automation is harder than just installing a certificate, but you only have to do it once instead of having to do it yearly (which you may forget). In the long run it's more convenient.

@noisytoot what even is up with your domain

@evan Originally, @q3k registered it for me so I could use eris.berkeley.edu.pl as the domain for my pissnet server after I linked a server called eris.berkeley.edu to the network, causing several hours of netsplits due to an UnrealIRCd bug. A few years later I decided to set up my akkoma instance on berkeley.edu.pl for no particular reason.

For more context:

• pissnet is an IRC network that was set up as a joke after the freenode takeover, named after some spam. Anyone can link, and at its peak, it had over 100 servers, which resulted in several UnrealIRCd bugs being discovered.
• UnrealIRCd’s default config, which most server admins didn’t bother to change, had a ban block for eris.berkeley.edu.
• There is a video of this and also a map of the network at the time here.