diff --git a/Documentation/variables/config.md b/Documentation/variables/config.md
index 5c6aa5f512..96a8223931 100644
--- a/Documentation/variables/config.md
+++ b/Documentation/variables/config.md
@@ -31,10 +31,8 @@ This document gives an overview of variables used in all platforms of the Tecton
 | tectonic_pull_secret_path | The path the pull secret file in JSON format. This is known to be a "Docker pull secret" as produced by the docker login [1] command. A sample JSON content is shown in [2]. You can download the pull secret from your Account overview page at [3].<br><br>[1] https://docs.docker.com/engine/reference/commandline/login/<br><br>[2] https://coreos.com/os/docs/latest/registry-authentication.html#manual-registry-auth-setup<br><br>[3] https://account.coreos.com/overview | string | `` |
 | tectonic_service_cidr | (optional) This declares the IP range to assign Kubernetes service cluster IPs in CIDR notation. The maximum size of this IP range is /12 | string | `10.3.0.0/16` |
 | tectonic_stats_url | (internal) The Tectonic statistics collection URL to which to report. | string | `https://stats-collector.tectonic.com` |
-| tectonic_tls_validity_period | Validity period of the self-signed certificates (in hours). Default is 3 years. This setting is ignored if user provided certificates are used. | string | `26280` |
 | tectonic_update_app_id | (internal) The Tectonic Omaha update App ID | string | `6bc7b986-4654-4a0f-94b3-84ce6feb1db4` |
 | tectonic_update_channel | (internal) The Tectonic Omaha update channel | string | `tectonic-1.9-production` |
 | tectonic_update_server | (internal) The URL of the Tectonic Omaha update server | string | `https://tectonic.update.core-os.net` |
 | tectonic_versions | (internal) Versions of the components to use | map | `<map>` |
 | tectonic_worker_count | The number of worker nodes to be created. This applies only to cloud platforms. | string | `3` |
-
diff --git a/examples/tectonic.aws.yaml b/examples/tectonic.aws.yaml
index b3fdb3246c..d9439a9c91 100644
--- a/examples/tectonic.aws.yaml
+++ b/examples/tectonic.aws.yaml
@@ -301,11 +301,6 @@ platform: AWS
 # [3] https://account.coreos.com/overview
 pullSecretPath:
 
-# Validity period of the self-signed certificates (in hours).
-# Default is 3 years.
-# This setting is ignored if user provided certificates are used.
-tlsValidityPeriod: 26280
-
 worker:
   # The name of the node pool(s) to use for workers
   nodePools:
diff --git a/examples/tectonic.libvirt.yaml b/examples/tectonic.libvirt.yaml
index 4dad4dcbdf..696dc19611 100644
--- a/examples/tectonic.libvirt.yaml
+++ b/examples/tectonic.libvirt.yaml
@@ -134,11 +134,6 @@ platform: libvirt
 # [3] https://account.coreos.com/overview
 pullSecretPath:
 
-# Validity period of the self-signed certificates (in hours).
-# Default is 3 years.
-# This setting is ignored if user provided certificates are used.
-tlsValidityPeriod: 26280
-
 worker:
   nodePools:
     - worker
diff --git a/installer/pkg/config-generator/fixtures/test-aws.yaml b/installer/pkg/config-generator/fixtures/test-aws.yaml
index f972b15844..4fb626ffbc 100644
--- a/installer/pkg/config-generator/fixtures/test-aws.yaml
+++ b/installer/pkg/config-generator/fixtures/test-aws.yaml
@@ -15,7 +15,6 @@ workers:
 etcd:
   nodePools:
     - etcd
-tlsValidityPeriod: 26280
 pullSecretPath: /path/config.json
 licensePath: /path/tectonic-license.txt
 containerLinux:
diff --git a/installer/pkg/config/cluster.go b/installer/pkg/config/cluster.go
index 2b1d2453b4..a27feef7e1 100644
--- a/installer/pkg/config/cluster.go
+++ b/installer/pkg/config/cluster.go
@@ -45,26 +45,25 @@ var defaultCluster = Cluster{
 
 // Cluster defines the config for a cluster.
 type Cluster struct {
-	Admin             `json:",inline" yaml:"admin,omitempty"`
-	BaseDomain        string `json:"tectonic_base_domain,omitempty" yaml:"baseDomain,omitempty"`
-	CA                `json:",inline" yaml:"ca,omitempty"`
-	ContainerLinux    `json:",inline" yaml:"containerLinux,omitempty"`
-	Etcd              `json:",inline" yaml:"etcd,omitempty"`
-	Internal          `json:",inline" yaml:"-"`
-	LicensePath       string `json:"tectonic_license_path,omitempty" yaml:"licensePath,omitempty"`
-	Master            `json:",inline" yaml:"master,omitempty"`
-	Name              string `json:"tectonic_cluster_name,omitempty" yaml:"name,omitempty"`
-	Networking        `json:",inline" yaml:"networking,omitempty"`
-	NodePools         `json:"-" yaml:"nodePools"`
-	Platform          Platform `json:"tectonic_platform" yaml:"platform,omitempty"`
-	PullSecretPath    string   `json:"tectonic_pull_secret_path,omitempty" yaml:"pullSecretPath,omitempty"`
-	TLSValidityPeriod int      `json:"tectonic_tls_validity_period,omitempty" yaml:"tlsValidityPeriod,omitempty"`
-	Worker            `json:",inline" yaml:"worker,omitempty"`
-	aws.AWS           `json:",inline" yaml:"aws,omitempty"`
-	libvirt.Libvirt   `json:",inline" yaml:"libvirt,omitempty"`
-	IgnitionMaster    string `json:"tectonic_ignition_master,omitempty" yaml:"-"`
-	IgnitionWorker    string `json:"tectonic_ignition_worker,omitempty" yaml:"-"`
-	IgnitionEtcd      string `json:"tectonic_ignition_etcd,omitempty" yaml:"-"`
+	Admin           `json:",inline" yaml:"admin,omitempty"`
+	BaseDomain      string `json:"tectonic_base_domain,omitempty" yaml:"baseDomain,omitempty"`
+	CA              `json:",inline" yaml:"ca,omitempty"`
+	ContainerLinux  `json:",inline" yaml:"containerLinux,omitempty"`
+	Etcd            `json:",inline" yaml:"etcd,omitempty"`
+	Internal        `json:",inline" yaml:"-"`
+	LicensePath     string `json:"tectonic_license_path,omitempty" yaml:"licensePath,omitempty"`
+	Master          `json:",inline" yaml:"master,omitempty"`
+	Name            string `json:"tectonic_cluster_name,omitempty" yaml:"name,omitempty"`
+	Networking      `json:",inline" yaml:"networking,omitempty"`
+	NodePools       `json:"-" yaml:"nodePools"`
+	Platform        Platform `json:"tectonic_platform" yaml:"platform,omitempty"`
+	PullSecretPath  string   `json:"tectonic_pull_secret_path,omitempty" yaml:"pullSecretPath,omitempty"`
+	Worker          `json:",inline" yaml:"worker,omitempty"`
+	aws.AWS         `json:",inline" yaml:"aws,omitempty"`
+	libvirt.Libvirt `json:",inline" yaml:"libvirt,omitempty"`
+	IgnitionMaster  string `json:"tectonic_ignition_master,omitempty" yaml:"-"`
+	IgnitionWorker  string `json:"tectonic_ignition_worker,omitempty" yaml:"-"`
+	IgnitionEtcd    string `json:"tectonic_ignition_etcd,omitempty" yaml:"-"`
 }
 
 // NodeCount will return the number of nodes specified in NodePools with matching names.
diff --git a/installer/pkg/workflow/fixtures/aws.basic.yaml b/installer/pkg/workflow/fixtures/aws.basic.yaml
index cd524bc152..bc40a65d85 100644
--- a/installer/pkg/workflow/fixtures/aws.basic.yaml
+++ b/installer/pkg/workflow/fixtures/aws.basic.yaml
@@ -48,7 +48,6 @@ nodePools:
     count: 3
 platform: AWS
 pullSecretPath:
-tlsValidityPeriod: 26280
 worker:
   nodePools:
     - worker
diff --git a/installer/pkg/workflow/fixtures/terraform.tfvars b/installer/pkg/workflow/fixtures/terraform.tfvars
index 15741bf80a..2352cd50a5 100644
--- a/installer/pkg/workflow/fixtures/terraform.tfvars
+++ b/installer/pkg/workflow/fixtures/terraform.tfvars
@@ -11,7 +11,6 @@
   "tectonic_service_cidr": "10.3.0.0/16",
   "tectonic_cluster_cidr": "10.2.0.0/16",
   "tectonic_platform": "AWS",
-  "tectonic_tls_validity_period": 26280,
   "tectonic_worker_count": 3,
   "tectonic_aws_endpoints": "all",
   "tectonic_aws_etcd_ec2_type": "m4.large",