> Why not make it 30 seconds?

This is a ridiculous straw man.

> 48 hours. I am willing to bet money this threshold will never be crossed.

That's because it won't be crossed and nobody serious thinks it should.

Short certs are better, but there are trade-offs. For example, if cert infra goes down over the weekend, it would really suck. TBH, from a security perspective, something in the range of a couple of minutes would be ideal, but that runs up against practical reasons

- cert transparency logs and other logging would need to be substantially scaled up

- for the sake of everyone on-call, you really don't want anything shorter than a reasonable amount of time for a human to respond

- this would cause issues with some HTTP3 performance enhancing features

- thousands of servers hitting a CA creates load that outweighs the benefit of ultra short certs (which have diminishing returns once you're under a few days, anyways)

> This feels like much more of an ideological mission than a practical one

There are numerous practical reasons, as mentioned here by many other people.

Resisting this without good cause, like you have, is more ideological at this point.