Add function to existing certificate

I have made a wildcard certificate. Very nice.
I now want to add --hsts to it. (and OCSP stapling etc.)
Is it neccesary to make a now one, or is it possible to “feature-update” the existing ?

Have a nice day

1 Like

hsts is not a certificate feature.

it’s a webserver configuration option:

certbot enhance --hsts

1 Like

My bad.
I see your point

1 Like

stop, read the certbot user manual if you need, all of the enhancements should be available running certbot enhance interactively.

this is a selection of enhancements that I think make sense for most use cases:

  --redirect            Automatically redirect all HTTP traffic to HTTPS for
                        the newly authenticated vhost. (default: Ask)
  --hsts                Add the Strict-Transport-Security header to every HTTP
                        response. Forcing browser to always use SSL for the
                        domain. Defends against SSL Stripping. (default: None)
  --uir                 Add the "Content-Security-Policy: upgrade-insecure-
                        requests" header to every HTTP response. Forcing the
                        browser to use https:// for every http:// resource.
                        (default: None)
  --staple-ocsp         Enables OCSP Stapling. A valid OCSP response is
                        stapled to the certificate that the server offers
                        during TLS. (default: None)
  --auto-hsts           Gradually increasing max-age value for HTTP Strict
                        Transport Security security header (default: False)
1 Like

I found the info I needed to make it happen

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.