Lmst
Login

#RFC8657

Søborgn@norrebro.space
2025-02-03

@thc This is solved with ACME-CAA (#RFC8657), not that people use ACME-CAA, but it is actually fairly easy to setup: norrebro.space/@n/111355026651

Søborgn@norrebro.space
2023-11-05

Keep leaving dangling DNS records pointing towards DO/Linode?
Worried about potential BGP hijacking?
Concerned about running a russian Jabber and the possibility of law enforcement interference?

Well, we've got a solution for you!

Introducing: ACME-CAA (#RFC8657) 🚀

If you're only using Let's Encrypt as CA and Caddy's automatic cert management, you can easily protect against these scenarios. I've written a small guide here: søb.org/ACME-CAA/

Sami Lehtinensl@pleroma.envs.net
2023-10-21
Hardened my domains #DNS / #TLS / #CAA by adding #RFC8657 #accounturi and #validationmethod fields. And specifying those per subdomain where necessary, further restricting certificate issuance.

Client Info

Server: https://mastodon.social
Version: 2025.04
Repository: https://github.com/cyevgeniy/lmst