Recommendation against long-lasting Origin Certificate?

In my understanding for public-facing certificates the shorter the lifetime the better (within reasonable limits). But what about Origin Certificates that are only used between Cloudflare and the origin server? Are there any recommendations on not using the 15 year option? Apparently one shouldn’t really be able to create certificates with an expiry longer than 2 years any way.

Thank you!

2 posts were merged into an existing topic: Using Origin Certificate publicly (shows up in client’s browser)