Question

TLS Certificate Lifetimes Reduce to 47 Days

asked on September 15

https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days

 

What is LF doing to prepare for the upcoming changes in 2026 for the new certificate schedules? Is there anything we need to be doing for our on-prem systems?

2 0

Replies

replied one day ago

This isn't a change in what you have to do, the change is how frequently you have to do it. If you haven't automated this process yet, this should push you over the edge. Most certificates used in a Laserfiche solution can be updated with standard tooling. Some of the exceptions are detailed in this post.

2 0
replied one day ago

And note that the reduced certificate lifetime applies to public certificate authorities (CAs) subject to CA/Browser Forum requirements. In practice, that means only public certs for ports 443 and 8181 (Forms Notification Service) used by web applications are in scope.

tl;dr - Use ACME. Any CA worth their salt supports ACME at this point.

What Is ACME And Why Is It Important? | DigiCert

If you're currently issuing 1-yr certs from an internal CA like Active Directory Certificate Services (AD CS) for backend service TLS bindings (Directory Server port 5049, etc.), those are unaffected by this change. 

Voting Period Begins: SC-081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods

The focus of this ballot is a set of changes to the TLS Baseline Requirements (TBRs). The TBRs address requirements only for certificates which are “intended to be used for authenticating servers accessible through the Internet” [1]. Certificates which match or are compatible with the profiles described in the TBRs can be (and are) used for a variety of purposes not addressed by the TBRs, but these use-cases are not directly in scope of the TBRs nor the changes proposed in this ballot.

That said, certificate lifecycle automation is broadly a good thing, and it's wise to think about how you'd do it anywhere you have certs.

2 0
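
The scoping in the reply above, worked through as an added example (not code from the thread or from Laserfiche): it triages a certificate inventory against the SC-081v3 schedule and shows how the renewal cadence changes. The step dates and limits are taken from the ballot; the inventory entries and the `public_ca` flag (set by whoever maintains the inventory) are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date

# SC-081v3 maximum validity (days) for publicly trusted TLS certificates,
# keyed by the issuance date from which each limit applies, newest first.
SCHEDULE = [
    (date(2029, 3, 15), 47),
    (date(2027, 3, 15), 100),
    (date(2026, 3, 15), 200),
    (date.min, 398),
]

@dataclass
class Binding:
    name: str         # service label (constructed sample data)
    port: int
    public_ca: bool   # True if issued by a publicly trusted CA
    not_before: date
    not_after: date

def max_validity_days(issued: date) -> int:
    """Longest lifetime a public CA may issue on the given date."""
    return next(days for start, days in SCHEDULE if issued >= start)

def triage(b: Binding) -> dict:
    """Report whether a binding is in scope and what its next renewal allows."""
    if not b.public_ca:
        # Internal CA certs (e.g. AD CS) are outside the TLS Baseline Requirements.
        return {"name": b.name, "port": b.port, "in_scope": False}
    # The replacement is issued around expiry, so the limit in force then applies.
    next_max = max_validity_days(b.not_after)
    return {
        "name": b.name,
        "port": b.port,
        "in_scope": True,
        "current_days": (b.not_after - b.not_before).days,
        "next_max_days": next_max,
        "min_renewals_per_year": -(-365 // next_max),  # ceiling division
    }

# Constructed sample inventory; the ports are the ones named in the thread.
INVENTORY = [
    Binding("Forms web site", 443, True, date(2025, 10, 1), date(2026, 10, 31)),
    Binding("Forms Notification Service", 8181, True, date(2026, 12, 1), date(2027, 6, 19)),
    Binding("Directory Server", 5049, False, date(2026, 1, 1), date(2027, 1, 1)),
]

if __name__ == "__main__":
    for binding in INVENTORY:
        print(triage(binding))
```

The renewal count is a floor: an ACME client normally renews well before expiry, so the real cadence is higher.
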
replied 19 hours ago

Is there a way to automate the selecting of the new certificates for the various Laserfiche utilities, such as the LFDS Configuration Utility, STSEndpoint Utility, etc.?

3 0