I have made a wildcard certificate. Very nice.
I now want to add --hsts to it. (and OCSP stapling etc.)
Is it neccesary to make a now one, or is it possible to “feature-update” the existing ?
Have a nice day
/klaus
1 Like
hsts is not a certificate feature.
it’s a webserver configuration option:
certbot enhance --hsts
1 Like
My bad.
I see your point
1 Like
stop, read the certbot user manual if you need, all of the enhancements should be available running certbot enhance interactively.
this is a selection of enhancements that I think make sense for most use cases:
--redirect Automatically redirect all HTTP traffic to HTTPS for
the newly authenticated vhost. (default: Ask)
--hsts Add the Strict-Transport-Security header to every HTTP
response. Forcing browser to always use SSL for the
domain. Defends against SSL Stripping. (default: None)
--uir Add the "Content-Security-Policy: upgrade-insecure-
requests" header to every HTTP response. Forcing the
browser to use https:// for every http:// resource.
(default: None)
--staple-ocsp Enables OCSP Stapling. A valid OCSP response is
stapled to the certificate that the server offers
during TLS. (default: None)
--auto-hsts Gradually increasing max-age value for HTTP Strict
Transport Security security header (default: False)
1 Like
Thanx
I found the info I needed to make it happen
1 Like
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.