cron

Yes, that is why many big tech companies have their european hq there.

Edit: Wikipedia on Ireland as a tax haven

You're right, Google released their vision in 2023, here is what it says regarding lifespan:

a reduction of TLS server authentication subscriber certificate maximum validity from 398 days to 90 days. Reducing certificate lifetime encourages automation and the adoption of practices that will drive the ecosystem away from baroque, time-consuming, and error-prone issuance processes. These changes will allow for faster adoption of emerging security capabilities and best practices, and promote the agility required to transition the ecosystem to quantum-resistant algorithms quickly. Decreasing certificate lifetime will also reduce ecosystem reliance on “broken” revocation checking solutions that cannot fail-closed and, in turn, offer incomplete protection. Additionally, shorter-lived certificates will decrease the impact of unexpected Certificate Transparency Log disqualifications.

If you measure from the surrounding area, the Mauna Kea is higher than Mt. Everest.

Sorry, I understood you wrong. You're right!

Nothing of value was lost when EV certificates disappeared.

even more secure with the 90 days policy.

Yes, if you do this ~~manually~~ it will work.

I meant certbot with nginx plugin and http-01 challenge.

You're right, ssl.com offers this, too.

IMO, sticking to manual processes that are error-prone is a waste of money and not a sign of a honest business.

Yes, it can be easier. But not every DNS provider allows API access, so you might need to change the provider.

(good luck with that in many enterprise scenarios).

I've set it up fully automated with traefik and dns challenges.