Comment by MattJ100
2 years ago
Yes, you can pin the public key instead, which is generally more helpful. But most ACME clients (including the "official" certbot) default to rotating the key too. That can be disabled, but it's a problematic default for this use case which means clients can't just enable pinning.
How can it be disabled in certbot?
From the docs: https://eff-certbot.readthedocs.io/en/latest/using.html#cert...