Comment by silverwind
3 years ago
This is actually a great suggestion and ACME providers should provide it as an opt-in feature via CAA record. Not even the provider having access to system memory could issue a mitm cert without you noticing.
3 years ago
This is actually a great suggestion and ACME providers should provide it as an opt-in feature via CAA record. Not even the provider having access to system memory could issue a mitm cert without you noticing.
The provider having access to system memory can copy the private key and use your original key+cert for MITM, unless you are using some fancy HSM.