From 90bdb8c3292e6beb36add26fd73a888ac5988679 Mon Sep 17 00:00:00 2001
From: shankar0123 <skreddy040@gmail.com>
Date: Wed, 25 Mar 2026 03:58:28 -0400
Subject: [PATCH] docs: add certificate lifespan timeline diagram to README

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 README.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/README.md b/README.md
index 7ca673c..dfe52f2 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,17 @@
 
 91 API endpoints. 21 database tables. 900+ tests. Full GUI. Ships with Docker Compose.
 
+```mermaid
+timeline
+    title TLS Certificate Maximum Lifespan (CA/Browser Forum Ballot SC-081v3)
+    2015 : 5 years
+    2018 : 825 days
+    2020 : 398 days
+    March 2026 : 200 days
+    March 2027 : 100 days
+    March 2029 : 47 days
+```
+
 TLS certificate lifespans are shrinking fast. The CA/Browser Forum passed [Ballot SC-081v3](https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods/) unanimously in April 2025, setting a phased reduction: **200 days** by March 2026, **100 days** by March 2027, and **47 days** by March 2029. Organizations managing dozens or hundreds of certificates can no longer rely on spreadsheets, calendar reminders, or manual renewal workflows. The math doesn't work — at 47-day lifespans, a team managing 100 certificates is processing 7+ renewals per week, every week, forever.
 
 certctl is a self-hosted platform that automates the entire certificate lifecycle — from issuance through renewal to deployment — with zero human intervention. It works with any certificate authority, deploys to any server, and keeps private keys on your infrastructure where they belong.