Let’s Encrypt, a nonprofit certificate authority, has revealed the introduction of its "Generation Y" certificate framework. It plans to progressively shorten the standard certificate validity period from 90 days to 45 days over the coming years. This move is aimed at bolstering the security of encrypted internet communications. Moreover, the organization will phase out TLS client authentication and transition its default ACME settings to align with the new certificate framework. By reducing the certificate validity period, Let’s Encrypt aims to minimize the risk of key compromise, adhering to the industry benchmarks established by the CA/Browser Forum. Concurrently, the "authorization reuse period" for domain validation will be trimmed from 30 days to 7 hours. This implies that domain ownership will nearly always undergo re-verification during certificate renewal. Nonetheless, Let’s Encrypt has highlighted that contemporary ACME clients are highly automated. As a result, the vast majority of website administrators will not be required to undertake any extra steps, since the automatic renewal mechanism will persist in operating seamlessly.