Comment by iso1631

There's no (current) plans to drop below 45 day certificates with an expected renewal with 2 weeks to go.

I agree if cert lifetimes drop towards week long then it becomes problematic. A sensible thing at that point is to ensure you can issue certificates from different CAs on different underlying stacks, in the same way you use multiple DNS servers