The CA/Browser Forum has officially voted this month to reduce the TLS certificate maximum validity timeframe gracefully down to 47 days maximum starting March 17, 2029, and reducing to 200 days on March 15, 2026, and 100 days on March 15, 2027 as steps along the way:

Official verbiage that was voted on: https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/bvWh5RN6tYI

It would be nice if FlexPoint got ahead of the reductions and implemented proper automatic DNS or web-validated renewals of custom customer portal subdomains before even the 200-day reduction, but it's definitely going to be a requirement as the length reduces, as I don't want to manually renew certificates every 100 days starting in two years, either :-)

This is clearly possible as companies like IT Glue were doing it for documentation automatically prior even to their acquisition by Kaseya, and other vendors do the same! I believe Microsoft and Amazon cloud services both offer managed automated certificates that could be used for this purpose, for example.