Apple Safari To Stop Allowing HTTPS Certificates Beyond 398 Days of Validity
engine
10:58 am on Feb 24, 2020 (gmt 0)
From September, Apple has announced Safari is to stop allowing HTTPS certificates beyond 398 days validity, and any sites with certificates beyond that will be rejected.
If a private key is compromised, the shorter the life of the cert is, the better this is for everybody.
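Added example, not part of the original post: one way to audit a certificate inventory against the 398-day limit, using the `notBefore`/`notAfter` strings that Python's `ssl.SSLSocket.getpeercert()` returns. The hostnames and dates are constructed, and the 1 September 2020 issuance cutoff and the status names are assumptions; the post says only "From September".

```python
import ssl

LIMIT_DAYS = 398
# Assumption: the limit applies to certificates issued on or after this date;
# the post itself says only "From September".
CUTOFF = ssl.cert_time_to_seconds("Sep  1 00:00:00 2020 GMT")


def validity_days(cert):
    """Lifetime in days from the notBefore/notAfter strings of getpeercert()."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return (end - start) / 86400


def audit(certs, now):
    """Map each host to 'expired', 'rejected', 'legacy-long' or 'ok'."""
    report = {}
    for host, cert in certs.items():
        issued = ssl.cert_time_to_seconds(cert["notBefore"])
        expires = ssl.cert_time_to_seconds(cert["notAfter"])
        too_long = validity_days(cert) > LIMIT_DAYS
        if now >= expires:
            report[host] = "expired"
        elif too_long and issued >= CUTOFF:
            report[host] = "rejected"      # over the limit, issued after cutoff
        elif too_long:
            report[host] = "legacy-long"   # issued before cutoff; renew shorter
        else:
            report[host] = "ok"
    return report


# Constructed sample inventory (hostnames and dates are made up).
SAMPLE = {
    "ev.example": {"notBefore": "Feb 10 00:00:00 2020 GMT",
                   "notAfter": "Feb  9 23:59:59 2022 GMT"},
    "shop.example": {"notBefore": "Oct  1 00:00:00 2020 GMT",
                     "notAfter": "Oct  1 00:00:00 2022 GMT"},
    "blog.example": {"notBefore": "Nov  1 00:00:00 2020 GMT",
                     "notAfter": "Jan 30 00:00:00 2021 GMT"},
    "old.example": {"notBefore": "Jun  1 00:00:00 2020 GMT",
                    "notAfter": "Aug 30 00:00:00 2020 GMT"},
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Dec  1 00:00:00 2020 GMT")

if __name__ == "__main__":
    for host, status in audit(SAMPLE, SAMPLE_NOW).items():
        print(f"{host:14} {validity_days(SAMPLE[host]):7.1f} days  {status}")
```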
lammert
2:45 pm on Feb 24, 2020 (gmt 0)
It's bad if you can't use automatically renewing certificates like Let's Encrypt. For one site where trust is important, I use an EV certificate and I renewed it recently for a period of two years because of the hassle involved in going through the verification process. Apple now forces me to go through this process every year and buy a more expensive certificate (no second-year discount).
Luckily all my other certificates are Let's Encrypt versions which renew every few months automatically.
lucy24
10:08 pm on Feb 24, 2020 (gmt 0)
> It's bad if you can't use automatically renewing certificates
Who says you can’t? My sites' certificates will auto-renew until I tell them to stop, but that just means I myself never have to take any action. The certificate itself is never more than 90 days old.
lammert
10:22 pm on Feb 24, 2020 (gmt 0)
I was talking about EV certificates. There is a whole process involved to renew these certificates, including checks at the business registry and confirmation via phone and email. Depending on the country you're in, this process can take a week or more.
Dimitri
11:22 pm on Feb 24, 2020 (gmt 0)
Is there still a reason to use EV certificates today? If I'm not mistaken, browsers are now showing them the exact same way as "normal" certs. No more special indicators.
lammert
11:29 pm on Feb 24, 2020 (gmt 0)
It depends on the niche you are in. For informational and e-commerce sites their value has diminished since browsers stopped showing them. But for SaaS in the business to business market, EV certificates are still valuable.
blend27
1:58 am on Feb 25, 2020 (gmt 0)
Mit', that is the point @lammert makes, I think. The rural PC still looks at green bar, the Finance anything do, green is green.