• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

dyn.dns.he.net certificate

Started by realdreams, October 05, 2016, 05:00:36 PM

Previous topic - Next topic


Would you guys switch from CACert to Let's Encrypt so no more need for `--no-check-certificate`?


+1 on this. Additionally, ipv4.dyn.dns.he.net currently uses a cert for dyn.dns.he.net, which is clearly incorrect.


+1. Anything so that we're not bypassing security checks.


-1 on this.  If you want to check the certificate, install CACert's root certificate.

(Personally, I don't understand how "Let's Encrypt" got into the lists... but then that could apply to most of the listed CAs.)

By the way... it looks like Let's Encrypt does not use a Let's Encrypt certificate.  Should anyone?