Just found this news from LE, where they will switch to 45 days of certification period. Timelines as follows:
URL: Decreasing Certificate Lifetimes to 45 Days - Let's Encrypt
Changes will be deployed to our staging environment approximately one month before the production dates below.
-
May 13, 2026: Let’s Encrypt will switch our tlsserver ACME profile to issue 45-day certificates. This profile is opt-in and can be used by early adopters and for testing.
-
February 10, 2027: Let’s Encrypt will switch our default classic ACME profile to issuing 64-day certificates with a 10-day authorization reuse period. This will affect all users who have not opted into the tlsserver or shortlived (6-day) profiles.
-
February 16, 2028: We will further update the classic profile to issue 45-day certificates with a 7 hour authorization reuse period.
These dates are when the change takes effect for new certificates, so Let’s Encrypt users will see the reduced certificate validity period at their next renewal after these dates.
Also they say that a new validation method called DNS-PERSIST-01 will come into place. The key advantage of this new method is that the DNS TXT entry used to demonstrate control does not have to change every renewal.