Letsencrypt would they automate this aspect too with support for HPKP https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning ? so auto generating both the primary and backup CSR/key and SPKIs ? how would automated renewals work come every 90 days ?

Support for HPKP - HTTP Public Key Pinning?

rugk February 7, 2016, 9:27pm 10

It is not that easy, e.g. because LE also has a backup root CA.
If you want to have a robust (failsafe) HPKP header I'd recommend you this official "Best practises":

1 Like

Topic		Replies	Views
Project Proposal: Automating HTTP Public Key Pinning Feature Requests	1	1959	October 2, 2016
HPKP Support tool Client dev	8	1790	June 5, 2018
HTTP Public Key Pinning (HPKP) Server	5	12048	December 11, 2015
HTTP Public Key Pinning script - feel free to use it + please give feedback Server	10	3422	December 30, 2016
Tools for SSL/Key Management? Feature Requests	5	4552	August 28, 2015

Support for HPKP - HTTP Public Key Pinning?

Related topics