CNAME aliases for and X.509 certificates [was: Re: WKD for GitHub pages]

Daniel Kahn Gillmor dkg at
Fri Jan 15 22:16:31 CET 2021

On Mon 2021-01-11 22:59:10 +0100, Ángel wrote:
> The "make a CNAME of your openpgpkeys subdomain to
>" couldn't work with https certificate validation,
> thouth (or are they requesting a certificate on-the-fly?)

In fact, i believe that *is* requesting and retaining a
certificate on-the-fly if it finds itself addressed by such a CNAME.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list