Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions content/en/docs/profiles.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
title: Profiles
slug: profiles
lastmod: 2026-07-08
lastmod: 2026-07-09
show_lastmod: false
---

Expand Down Expand Up @@ -65,7 +65,7 @@ The issued certificate omits the Common Name, as it is redundant with the Subjec

## shortlived

The shortlived profile is identical to the tlsserver profile, with one key distinction: the resulting certificate is only valid for 6ish days. This allows these certificates to qualify as "Short-Lived Subscriber Certificates" under the Baseline Requirements, which means they do not need to contain any revocation information. This means the certificates can be even smaller, and removes any possibility of a client accidentally trusting a certificate after it has been revoked.
The shortlived profile is identical to the tlsserver profile, with one key distinction: the resulting certificate is only valid for 6ish days. This allows these certificates to qualify as "Short-Lived Subscriber Certificates" under the Baseline Requirements, which means they do not need to contain any revocation information. This means the certificates can be even smaller, and removes any possibility of a client accidentally trusting a certificate after it has been revoked. Today, these certificates still include a CRL URL, as shown in the table below, but [that may change in the future](https://github.com/letsencrypt/boulder/issues/7673).

We recommend this profile for those who fully trust their automation to renew their certificates on time. This profile is not for everyone.

Expand Down
Loading