• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

dyn.dns.he.net certificate

Started by realdreams, October 05, 2016, 05:00:36 PM

Previous topic - Next topic

realdreams

Would you guys switch from CACert to Let's Encrypt so no more need for `--no-check-certificate`?

11rcombs

+1 on this. Additionally, ipv4.dyn.dns.he.net currently uses a cert for dyn.dns.he.net, which is clearly incorrect.

stolen

+1. Anything so that we're not bypassing security checks.

divad27182

-1 on this.  If you want to check the certificate, install CACert's root certificate.

(Personally, I don't understand how "Let's Encrypt" got into the lists... but then that could apply to most of the listed CAs.)

By the way... it looks like Let's Encrypt does not use a Let's Encrypt certificate.  Should anyone?