It is a matter of distributing the certificate among 3 or more different
servers that the fqdn points to.
On 8/10/2025 1:20 PM, Chris Knight wrote:
In the age of Let's Encrypt and free certificates, is there a reason
www.qmailtoaster.com, wiki.qmailtoaster.org and qtp.qmailtoaster.org
are either insecure or don’t have correct certs on them?
The wiki says to fetch qmqtool with the command 'wget -P
/usr/local/bin https://qtp.qmailtoaster.org/bin/qmqtool' but the cert
isn’t correct for it. In an age of supply chain attacks, I’m not going
to override certain protections when downloading a tool that could
affect my mail server.
# wget -P /usr/local/bin https://qtp.qmailtoaster.org/bin/qmqtool
--2025-08-10 12:15:29-- https://qtp.qmailtoaster.org/bin/qmqtool
Resolving qtp.qmailtoaster.org (qtp.qmailtoaster.org)... 216.242.130.30, 216.224.226.126, 66.62.95.221
Connecting to qtp.qmailtoaster.org (qtp.qmailtoaster.org)|216.242.130.30|:443... connected.
ERROR: The certificate of ‘qtp.qmailtoaster.org’ is not trusted.
ERROR: The certificate of ‘qtp.qmailtoaster.org’ doesn't have a known issuer.
The certificate's owner does not match hostname ‘qtp.qmailtoaster.org’
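
Because the name resolves to several addresses, each server has to be checked on its own; a client only ever sees whichever one it happened to connect to. The script below is an added example, not part of either message in this thread: it handshakes with each address while sending the hostname as SNI and classifies the result from OpenSSL's "Verify return code" line. The function names and the sample line are constructed for illustration, and it assumes an `openssl` binary with `-verify_hostname` support is installed.

```shell
#!/bin/sh
# Per-backend certificate audit for one hostname served from several IPs.

# Constructed sample of the line s_client prints on a name mismatch.
SAMPLE_MISMATCH='    Verify return code: 62 (hostname mismatch)'

# classify_verify: read `openssl s_client` output on stdin, print a verdict.
classify_verify() {
    # TLS 1.3 sessions can repeat the line; the first occurrence is enough.
    code=$(sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1)
    case "$code" in
        0)           echo ok ;;
        62)          echo hostname-mismatch ;;
        18|19|20|21) echo untrusted-issuer ;;   # self-signed or unknown CA
        10)          echo expired ;;
        '')          echo no-handshake ;;       # nothing to parse
        *)           echo "verify-error-$code" ;;
    esac
}

# probe_backend HOST IP: connect to one address, SNI and name check set to HOST.
probe_backend() {
    openssl s_client -connect "$2:443" -servername "$1" \
        -verify_hostname "$1" </dev/null 2>/dev/null
}

# audit_host HOST IP...: one result line per backend; non-zero if any fails.
audit_host() {
    host=$1; shift; rc=0
    for ip in "$@"; do
        verdict=$(probe_backend "$host" "$ip" | classify_verify)
        printf '%s %s %s\n' "$host" "$ip" "$verdict"
        [ "$verdict" = ok ] || rc=1
    done
    return "$rc"
}

# Run only when a hostname and at least one address are given.
if [ "$#" -ge 2 ]; then
    audit_host "$@"
fi
```

Invoke it with the hostname followed by every address the resolver returns for it; a non-zero exit means at least one server is presenting a certificate that clients will reject.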