Post Azrpv0MGoKvPalBrDk by manawyrm@chaos.social
2025-11-03T11:40:48Z
1 likes, 1 repeats
PSA: Use the "accounturi" feature of Let's Encrypt CAA!

If you're hosting a safety/security-critical service, there's a way too unknown feature called "accounturi", that allows you to restrict TLS certificate issuance to a single Let's Encrypt account (and account private key).

You simply create a CAA record on your domain and put your LE account ID into it.

This means that attackers cannot issue TLS certificates and pull man-in-the-middle attacks on your host!

https://letsencrypt.org/docs/caa/#the-accounturi-parameter
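
An added example, not part of the original post: a small Python audit that reads a domain's CAA records in zone-file form and reports any record that still lets an account other than the expected one obtain a certificate. The account ID, the example.org records and the function names are constructed for illustration; issue and issuewild are treated alike for simplicity.

```python
import shlex

LE = "letsencrypt.org"  # issuer domain name Let's Encrypt uses in CAA records
# Constructed placeholder account URI; substitute your own ACME account URL.
ACCT = "https://acme-v02.api.letsencrypt.org/acme/acct/1234567890"

def parse_caa(line):
    """Parse '<name> [ttl] [IN] CAA <flags> <tag> "<value>"' into (tag, issuer, params)."""
    tok = shlex.split(line)                  # keeps the quoted value as one token
    i = tok.index("CAA")
    tag, value = tok[i + 2].lower(), tok[i + 3]
    issuer, *rest = [p.strip() for p in value.split(";")]
    params = {k.strip().lower(): v.strip()
              for k, v in (p.split("=", 1) for p in rest if "=" in p)}
    return tag, issuer.lower(), params

def audit(lines, expected_uri):
    """Return a list of findings; an empty list means issuance is pinned as expected."""
    records = [r for r in map(parse_caa, lines) if r[0] in ("issue", "issuewild")]
    if not records:
        return ["no issue/issuewild record: any CA may issue"]
    findings = []
    for tag, issuer, params in records:
        if issuer == "":
            continue                         # 'issue ";"' forbids issuance outright
        if issuer != LE:
            findings.append(f"{tag}: {issuer} may also issue")
        elif "accounturi" not in params:
            findings.append(f"{tag}: any Let's Encrypt account may issue")
        elif params["accounturi"] != expected_uri:
            findings.append(f"{tag}: pinned to unexpected account {params['accounturi']}")
    return findings

# Constructed sample record sets for example.org.
PINNED = [f'example.org. 3600 IN CAA 0 issue "letsencrypt.org;accounturi={ACCT}"']
UNPINNED = ['example.org. 3600 IN CAA 0 issue "letsencrypt.org"',
            'example.org. 3600 IN CAA 0 iodef "mailto:sec@example.org"']

if __name__ == "__main__":
    for label, rrset in (("pinned", PINNED), ("unpinned", UNPINNED)):
        print(label, audit(rrset, ACCT) or "OK")
```
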