CNAME aliases for and X.509 certificates [was: Re: WKD for GitHub pages]

Vincent Breitmoser look at
Sat Jan 16 03:26:24 CET 2021

Daniel Kahn Gillmor via Gnupg-users <gnupg-users at> wrote:
> On Mon 2021-01-11 22:59:10 +0100, Ángel wrote:
> > The "make a CNAME of your openpgpkeys subdomain to
> >" couldn't work with https certificate validation,
> > thouth (or are they requesting a certificate on-the-fly?)
> In fact, i believe that *is* requesting and retaining a
> certificate on-the-fly if it finds itself addressed by such a CNAME.

Yep. If that wasn't possible, we wouldn't do it.

btw, if anyone is interested: keys.o.o serves wkd for 224 domains right now.

 - V

More information about the Gnupg-users mailing list