← Back to context

Comment by Jenda_

3 years ago

The thread above (https://news.ycombinator.com/item?id=37958831) elaborates on how to force DNS validation and/or how to tie your private key with Let's Encrypt via DNS.

Everyone needs to opt-in to use more secure methods and by default non-secure validation methods, which allow easy issuing fake certificates, are allowed. This is wrong.

  • So, what should they do? No certificate without DNS record? Would this really help the overall state of affairs, or would most sites just not use HTTPS at all because it's "too complicated"?