Re: I understand
RE: "LE wanted the shortest validity time to reduce risks with temporary hijacks or expired/sold domains but compromised on 60 day renewals to reduce load, with a 30 day grace period to allow for temporary outages and other intermittent failures."
This is nice (and I use LE). But I can't help noticing that the Let's Encrypt Authority X3 signing certificate is valid from March 17 2016-2021, i.e. 5 years.
Not sure if this new 1 year limit from Apple will only apply to the leaf certificate or also all signing certificates up the chain? The latter is potentially more painful.