Remember when we warned in February Apple will crack down on long-life HTTPS certs?
Found on The Register on Saturday, 04 July 2020
From September 1, Apple software, from Safari to macOS to iOS, will reject new HTTPS and other SSL/TLS certificates that are valid for more than 398 days, plus or minus some caveats.
"Connections to TLS servers violating these new requirements will fail," Apple warned in its official note. "This might cause network and app failures and prevent websites from loading."
Mozilla and other tech giants previously lobbied the CA/Browser Forum – a collective of certificate issuers and browser makers – for shorter cert lifetimes. After those proposals were shot down in a vote, Apple went ahead anyway with a one-year-max policy and bypassed the industry forum, a move backed by the Chromium team.
Long lived certificates are mostly EV certificates. So if these websites decide to switch to DV certificates like Let's Encrypt, they actually lower the bar. In the end, lifetime decisions should be left to the webmaster.