Regarding using Let's Encrypt with TLSA/DANE and HPKP: I wrote a short Blog-entry about using Let's encrypt with CSRs - keeping the RSA-Keypair when renewing the certificate.
maybe somebody finds this helpful (in German): https://hitco.at/blog/lets-encrypt-csr/ As keeping the RSA-Keypair when renewing Certificates is not best-practice security, probably this is *not* a chapter you would like me to add to the BetterCrypto-Guide? best regards, Gunnar _______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
