Since 2020, maximum lifetime of HTTPS certificates is limited to 1 year, exactly 398 days. I've previously written about the history and the reasons behind the change. But the reduced lifetime applies only to certificates issued from a public certification authority (CA) added to the operating system's or the browser's trusted root store by the vendor.
Some time ago, I've change my Google password. That change logged me out of my Google account on my iPad so Photos, Chrome, and other apps were asking again for my password to log me back in. The only problem was that all I could see, was a blank page instead of the Google login form, or just
-- (NSURLErrorDomain: -999) error.
In February 2020 at the CA/Browser Forum in Bratislava, Slovakia (and later officially), Apple has announced that starting September 1st, 2020, maximum TLS certificate lifetime in Safari (and probably in the whole macOS and iOS and all apps) will be just 1 year, 398 days exactly. Apple's change has been followed by both Chrome and Mozilla later that year. That's very good news. But why?