When I wrote my previous reply, I had not yet received Let's encrypt's post in which they announced they would not reenable TLS-SNI-01 globally. So this was written based on Let's encrypt only *temporarily* disabling TLS-SNI-01 as stated in their original post and *allegedly* (according to 3rd party posts) asking hosting providers to block uploads of certificates for acme.invalid.
This situation has since changed, and most of my suggestions are thus mostly moot. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy