Let's Encrypt to reduce certificate lifetimes

Let's Encrypt has announced
that it will be reducing the validity period of its certificates from
90 days to 45 days by 2028:

Most users of Let's Encrypt who automatically issue certificates
will not have to make any changes. However, you should verify that
your automation is compatible with certificates that have shorter
validity periods.

To ensure your ACME client renews on time, we recommend using ACME
Renewal Information (ARI). ARI is a feature we've introduced to help
clients know when they need to renew their certificates. Consult your
ACME client's documentation on how to enable ARI, as it differs from
client to client. If you are a client developer, check out this
integration guide.

If your client doesn't support ARI yet, ensure it runs on a
schedule that is compatible with 45-day certificates. For example,
renewing at a hardcoded interval of 60 days will no longer be
sufficient. Acceptable behavior includes renewing certificates at
approximately two thirds of the way through the current certificate's
lifetime.

Manually renewing certificates is not recommended, as it will need
to be done more frequently with shorter certificate lifetimes.