Please use DNSSEC to secure all host names used for letsencrypt.org – especially acme-v02.api.letsencrypt.org. Thank you!
4 Likes
I agree. Although the ACME production API URI is "just" a CNAME, the CloudFlare DNS infrastructure to which the CNAME is pointing does actually support DNSSEC. So, there really isn't any good reason IMO not to also start supporting DNSSEC on at least the ACME API URIs.
3 Likes
Cool to see! OCSP still uses the unsigned Akamai domains though.
3 Likes
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.