uh, at some point i apparently had a Sectigo/Comodo certificate issued for my domain name and i'm really hoping i can remember how/why?? (there's a DNS record for it, and i can see it in the CT logs)
Conversation
it seems to be a few hours after i renewed my domain name with Namecheap and Namecheap owns my DNS and Namecheap sells PositiveSSL certificates so i'm definitely looking in 's direction right now 👀
2
2
DNS registrar synthetic record for a domain / subdomain redirect. Could also be from a parked domain page which they might enable by default.
1
You can set up a CAA record to forbid CAs other than Let's Encrypt from issuing certificates for your domain.
There's also an upcoming feature for pinning your Let's Encrypt accounts to have actual secure authentication. Only supported by their staging server (dry runs) for now.
2
Check `drill grapheneos.org CAA` for an example setting up the fancy new accounturi and validationmethods features.
Those are currently a no-op with their production server but their staging server enforces it. Hoping that they deploy it to production soon though.
