CNAME aliases for and X.509 certificates [was: Re: WKD for GitHub pages]

Juergen Bruckner juergen at
Sat Jan 16 10:31:03 CET 2021

Hello Group!

Am 16.01.21 um 03:26 schrieb Vincent Breitmoser via Gnupg-users:
> Daniel Kahn Gillmor via Gnupg-users <gnupg-users at> wrote:
>> On Mon 2021-01-11 22:59:10 +0100, Ángel wrote:
>>> The "make a CNAME of your openpgpkeys subdomain to
>>>" couldn't work with https certificate validation,
>>> thouth (or are they requesting a certificate on-the-fly?)
>> In fact, i believe that *is* requesting and retaining a
>> certificate on-the-fly if it finds itself addressed by such a CNAME.
> Yep. If that wasn't possible, we wouldn't do it.
> btw, if anyone is interested: keys.o.o serves wkd for 224 domains right now.
>   - V

Now I'm a bit confused :O
I thought WKD can be used with your own webserver. So why do I have to 
make a CNAME recort pointing to ""?

Or did I understand anything wrong?

BTW ... do any of you know a tutorial to set up WKD for 'Dummies'?

best regards

/¯\   No  |
\ /  HTML |    Juergen Bruckner
  X    in  |    juergen at
/ \  Mail |

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3894 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the Gnupg-users mailing list