From 9bc1884bbcdb93d2bc4dc203233575a543437519 Mon Sep 17 00:00:00 2001 From: Jonas Meller Date: Tue, 7 Jul 2026 13:37:59 +0200 Subject: [PATCH 1/2] Clarify shortlived profile CRL documentation --- content/en/docs/profiles.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/content/en/docs/profiles.md b/content/en/docs/profiles.md index 6d902ce31..524769642 100644 --- a/content/en/docs/profiles.md +++ b/content/en/docs/profiles.md @@ -1,7 +1,7 @@ --- title: Profiles slug: profiles -lastmod: 2026-06-09 +lastmod: 2026-07-07 show_lastmod: false --- @@ -67,7 +67,7 @@ The issued certificate no longer contains any of the fields discussed above. The ## shortlived -The shortlived profile is identical to the tlsserver profile, with one key distinction: the resulting certificate is only valid for 6ish days. This allows these certificates to qualify as "Short-Lived Subscriber Certificates" under the Baseline Requirements, which means they do not need to contain any revocation information. This means the certificates can be even smaller, and removes any possibility of a client accidentally trusting a certificate after it has been revoked. +The shortlived profile is identical to the tlsserver profile, with one key distinction: the resulting certificate is only valid for 6ish days. This allows these certificates to qualify as "Short-Lived Subscriber Certificates" under the Baseline Requirements, which means they do not need to contain any revocation information. Today, these certificates still include a CRL URL, as shown in the table below, but [that may change in the future](https://github.com/letsencrypt/boulder/issues/7673). We recommend this profile for those who fully trust their automation to renew their certificates on time. This profile is not for everyone. From 8099b7868b1ec3eb2e8aa9a3fa033eb41cb8cc20 Mon Sep 17 00:00:00 2001 From: Jonas Meller Date: Tue, 7 Jul 2026 13:54:34 +0200 Subject: [PATCH 2/2] Add back removed sentence --- content/en/docs/profiles.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/docs/profiles.md b/content/en/docs/profiles.md index 524769642..a471afdf8 100644 --- a/content/en/docs/profiles.md +++ b/content/en/docs/profiles.md @@ -67,7 +67,7 @@ The issued certificate no longer contains any of the fields discussed above. The ## shortlived -The shortlived profile is identical to the tlsserver profile, with one key distinction: the resulting certificate is only valid for 6ish days. This allows these certificates to qualify as "Short-Lived Subscriber Certificates" under the Baseline Requirements, which means they do not need to contain any revocation information. Today, these certificates still include a CRL URL, as shown in the table below, but [that may change in the future](https://github.com/letsencrypt/boulder/issues/7673). +The shortlived profile is identical to the tlsserver profile, with one key distinction: the resulting certificate is only valid for 6ish days. This allows these certificates to qualify as "Short-Lived Subscriber Certificates" under the Baseline Requirements, which means they do not need to contain any revocation information. This means the certificates can be even smaller, and removes any possibility of a client accidentally trusting a certificate after it has been revoked. Today, these certificates still include a CRL URL, as shown in the table below, but [that may change in the future](https://github.com/letsencrypt/boulder/issues/7673). We recommend this profile for those who fully trust their automation to renew their certificates on time. This profile is not for everyone.