+ACH On November 28, 2016 11:32:10 PM GMT+01:00, Raoul Bhatia <[email protected]> wrote: >On November 28, 2016 11:14:34 PM GMT+01:00, Tobias Pape ><[email protected]> wrote: >> >>On 28.11.2016, at 23:12, Raoul Bhatia <[email protected]> wrote: >> >>> I've successfully transitioned existing StartSSL certificates + HPKP >>/ HSTS to letsencrypt.sh (via the Debian package). >>> >>> I know I am not the first to do such a thing, but maybe you'd like >to >>have some quick pointers to get this resolved ASAP. >>> >>> Raoul >>> >>> PS. The most important thing is to initially tell letsencrypt.sh to >>reuse an existing private key for requesting new certs. >>> >> >>Curious: why? >> >>Best regards >> -Tobias > >Well, in my case I had no alternate cert at hand to replace my StartSSL >one. > >So I needed to take care to reuse the existing private key for my new >letsencrypt cert, to give it the same key pin hash, to get online with >the new cert prior to the HPKP expiry/max-age. > >Not sure if I was able to properly explain myself ;-) > >Raoul
-- DI (FH) Raoul Bhatia M.Sc. E-Mail. [email protected] Tel. +43 699 10132530 _______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
