Multiple certificates for single domain

I think people still mostly avoid it because OCSP stapling implementations are still a bit rough around the edges - Apache httpd for example has a lot of problems doing it properly - so it can be easy to “DoS” yourself as a server operator, if there’s an OCSP outage at the CA.

1 Like