<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Tls on WhyNotHugo</title><link>https://whynothugo.nl/tags/tls/</link><description>Recent content in Tls on WhyNotHugo</description><generator>Hugo -- gohugo.io</generator><language>en</language><lastBuildDate>Tue, 16 Nov 2021 00:07:08 +0100</lastBuildDate><atom:link href="https://whynothugo.nl/tags/tls/posts.xml" rel="self" type="application/rss+xml"/><item><title>Using letsencrypt with HPKP</title><link>https://whynothugo.nl/journal/2016/02/07/using-letsencrypt-with-hkpk/</link><pubDate>Sun, 07 Feb 2016 21:15:40 +0000</pubDate><guid>https://whynothugo.nl/journal/2016/02/07/using-letsencrypt-with-hkpk/</guid><description>HPKP (RFC 7469) is a standard that tells browsers to cache a certain TLS certificate&amp;rsquo;s signature, and validate that future visits use that certificate (or a defined backup).
I intended to enable this on my servers, but since letsencrypt renews your certificates every few months, it would mean updating this setting in my nginx configuration. It also means that if something catastrophic happens (like a disk failure), the certificate would be lost, but browsers would still expect to see that same one.</description></item></channel></rss>