@aaronstuder said in How to setup Nginx TLS certificate based Authentication (VPN alternative): @emad-r 3650 🙂 One of the main reasons that normal certs cannot be bought with forever expiration is because then people would be less apt to update them as ciphers are broken. Look at how many people still use(d) SSLv1 SHA1, etc., long after they were proven broken.