by philprx 128 days ago
that's roughly 1/45th probable downtime window = 2.22% downtime probability (yeah, it's a figure not a real proba ;-) )

compared to, say, roughly 1/365 probable downtime window for a 398-day cert lifetime = 0.25% downtime probability

let's pray you don't need to rotate when it's down...

Dan Geer famously said: "Dependency is the root cause of risk"...

PS: even stricter short-lived durations in some contexts:

- Internal/Private: 1 – 7 days (Corporate VPNs, Internal apps)
- Ephemeral: 5 mins – 1 hour (Docker containers, CI/CD runners)

2 comments

That's only if you delay renewal until the last day of the lifetime of the certificate. If you renew at day 30 you'd only get in trouble if there's more than two weeks of downtime.
You’re supposed to renew your cert way in advance of the expiration time. For 47-day certs the general expectation is that you renew them monthly, so in the worst case you’d need more than two weeks of CA outage before anything went wrong.