Generate a fallback certificate


#1

Hallo,

Is it possible to generate 2 certificates for the same FQDN? This is useful, if I use Public Key Pinning (HPKP). Actual, I pinned the certificates and my own CA as fallback.


#2

Technically you don’t need a fallback certificate for HPKP, you only need a separate private key (for which you can generate a new certificate if you need it).

And yes, you can get two certificates for the same name right now (those are also valid for 90 days).


#3
  1. le certs are 90 days.