[Ach] bettercrypto.org cert blocked in chrome 56

Raoul Bhatia raoul at bhatia.at
Tue Nov 29 07:14:05 CET 2016


On November 28, 2016 11:32:10 PM GMT+01:00, Raoul Bhatia <raoul at bhatia.at> wrote:
>On November 28, 2016 11:14:34 PM GMT+01:00, Tobias Pape
><Das.Linux at gmx.de> wrote:
>>On 28.11.2016, at 23:12, Raoul Bhatia <raoul at bhatia.at> wrote:
>>> I've successfully transitioned existing StartSSL certificates + HPKP
>>/ HSTS to letsencrypt.sh (via the Debian package).
>>> I know I am not the first to do such a thing, but maybe you'd like
>>have some quick pointers to get this resolved ASAP.
>>> Raoul
>>> PS. The most important thing is to initially tell letsencrypt.sh to
>>reuse an existing private key for requesting new certs.
>>Curious: why?
>>Best regards
>>	-Tobias
>Well, in my case I had no alternate cert at hand to replace my StartSSL
>So I needed to take care to reuse the existing private key for my new
>letsencrypt cert, to give it the same key pin hash, to get online with
>the new cert prior to the HPKP expiry/max-age.
>Not sure if I was able to properly explain myself ;-)

DI (FH) Raoul Bhatia M.Sc.
E-Mail. raoul at bhatia.at
Tel. +43 699 10132530

More information about the Ach mailing list