Generate a fallback certificate



Is it possible to generate 2 certificates for the same FQDN? This is useful, if I use Public Key Pinning (HPKP). Actual, I pinned the certificates and my own CA as fallback.


Technically you don’t need a fallback certificate for HPKP, you only need a separate private key (for which you can generate a new certificate if you need it).

And yes, you can get two certificates for the same name right now (those are also valid for 90 days).

  1. le certs are 90 days.