Why 3 million Let’s Encrypt certificates are being killed off today
2020-03-04 15:33

In the past, there were two main reasons: TLS certificates were complicated and time-consuming to acquire and use; and they cost money that sites such as charities, hobbyists and small businesses resented having to pay, especially given that certificates need renewing regularly.

Let's Encrypt certificates are valid for 90 days, and autorenew for most users when there are 30 days or fewer left on their current certificates.

The domain owner might not use Let's Encrypt themselves, and might therefore publish a DNS entry saying, "Only accept XYZ Corporation to issue certificates for this domain," as a way of making it harder for unauthorised third parties to get bogus certificates to impersonate their site.
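The DNS entry described above is a CAA record (RFC 8659). The following sketch is an added example, not code from the article or from Let's Encrypt, and shows how a CA decides whether such records permit it to issue. The zone contents, domain names and the `ca_may_issue` helper are constructed for illustration, and a Python dict stands in for live DNS lookups.

```python
# Constructed sample zone: owner name -> list of (flags, tag, value) CAA records.
SAMPLE_ZONE = {
    "example.com": [(0, "issue", "xyz-corp.example"),
                    (0, "iodef", "mailto:sec@example.com")],
    "shop.example.com": [(0, "issue", "letsencrypt.org; validationmethods=dns-01")],
    "locked.example.com": [(0, "issue", ";")],  # ";" alone means no CA may issue
}

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def relevant_rrset(name, zone):
    """Climb from name toward the root; the first name with CAA records wins."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]))
        if records:
            return records
    return []


def ca_may_issue(name, ca_domain, zone):
    """Return True if the CAA policy covering name lets ca_domain issue for it."""
    wildcard = name.startswith("*.")
    records = relevant_rrset(name[2:] if wildcard else name, zone)
    if not records:
        return True  # no CAA records anywhere on the path: issuance unrestricted
    # An unrecognised tag with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS
           for flags, tag, _ in records):
        return False
    issue = [v for _, t, v in records if t.lower() == "issue"]
    issuewild = [v for _, t, v in records if t.lower() == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    values = issuewild if (wildcard and issuewild) else issue
    if not values:
        return True  # records exist but none restrict this kind of request
    # The issuer domain is the part of the value before any ";" parameters.
    return any(v.split(";")[0].strip().lower() == ca_domain.lower()
               for v in values)


if __name__ == "__main__":
    for host in ("www.example.com", "shop.example.com", "locked.example.com"):
        print(host, ca_may_issue(host, "letsencrypt.org", SAMPLE_ZONE))
```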

If you have certificates that are being revoked, Let's Encrypt will try to email you.

Affected customers ought to have received warning emails by now. Let's Encrypt has a web page showing what the emails look like and how to get further advice. That page also has links showing you how to download a full list of serial numbers of affected certificates, plus the domain names that each certificate covers.


News URL

https://nakedsecurity.sophos.com/2020/03/04/why-3-million-lets-encrypt-certificates-are-being-killed-off-today/