SSL certificate lifetimes are really going down.
old.reddit.comCert maintenance has always been a disaster. It's much too critical to fully automate (fire and forget), and yet it's also cumbersome and tedious to manually implement, especially after-hours.
Automate it, have the ACME client send alerts if renewal fails, and also monitor the system's certificate from a different system.