This is in line with the recommendations of the Let's Encrypt integration guide, and the default most other clients implement as well.