Public Key Pins Header


Currently clients have no way to pin a public key of the API.

It would be nice if LetsEncrypt offered a supported way for a client to pin a public key against the API’s certificate chain.

I would propose that LetsEncrypt start sending the Public-Key-Pins HTTP header so that clients that want to start pinning public keys have a supported and automated means to do so.

To be clear, this isn’t a request for pinning public keys for certificates that the Let’s Encrypt CA issues, rather this is for the ACME API itself so that clients may pin against it.


For reference linking to the previous thread on that subject:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.