@thc This is solved with ACME-CAA (#RFC8657), not that people use ACME-CAA, but it is actually fairly easy to set up: https://norrebro.space/@n/111355026651084793
Søborg (@[email protected])

Keep leaving dangling DNS records pointing towards DO/Linode?
Worried about potential BGP hijacking?
Concerned about running a Russian Jabber and the possibility of law enforcement interference?

Well, we've got a solution for you!

Introducing: ACME-CAA (#RFC8657) 🚀

If you're only using Let's Encrypt as CA and Caddy's automatic cert management, you can easily protect against these scenarios. I've written a small guide here: https://søb.org/ACME-CAA/

Enabling ACME-CAA (RFC-8657) for Caddy webserver

Enabling ACME-CAA for the Caddy webserver: a step-by-step guide

Hardened my domains #DNS / #TLS / #CAA by adding #RFC8657 #accounturi and #validationmethod fields, and specifying those per subdomain where necessary, further restricting certificate issuance.
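What the two posts above rely on, the RFC 8659 CAA lookup (climbing from the requested name toward the apex, with subdomain records taking precedence) and the RFC 8657 accounturi and validationmethods parameters that pin issuance to one ACME account and one challenge type, worked through as an added example. This is not code from the posts, the linked guide, Caddy or Let's Encrypt. The zone, the hostnames and the ACME account ids 1234567 and 9999999 are constructed; the issuer domain letsencrypt.org is the one Let's Encrypt uses in CAA records. One deliberate design choice is labelled in the code: an issue record carrying a parameter the checker does not recognise is treated as non-matching (fail closed).

```python
# Added example: RFC 8659 CAA lookup plus the RFC 8657 accounturi / validationmethods
# checks a CA applies before issuing. Not code from the posts, the linked guide, Caddy
# or Let's Encrypt; zone, hostnames and ACME account ids are constructed.
from collections import namedtuple

CRITICAL = 128                                        # RFC 8659 "issuer critical" flag
KNOWN_PARAMS = {"accounturi", "validationmethods"}    # the two RFC 8657 parameters
CAARecord = namedtuple("CAARecord", "flags tag value")

# Constructed zone, keyed by owner name. example.org pins issuance to one CA, one ACME
# account and one validation method and forbids wildcards; mail.example.org replaces
# (not extends) that policy for its subtree; legacy.example.org allows no CA at all.
ZONE = {
    "example.org": [
        CAARecord(0, "issue", "letsencrypt.org; "
                  "accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/1234567; "
                  "validationmethods=tls-alpn-01"),
        CAARecord(0, "issuewild", ";"),
        CAARecord(0, "iodef", "mailto:hostmaster@example.org"),
    ],
    "mail.example.org": [CAARecord(0, "issue", "letsencrypt.org; validationmethods=dns-01")],
    "legacy.example.org": [CAARecord(0, "issue", ";")],
}


def relevant_rrset(zone, name):
    """RFC 8659 section 3: first non-empty CAA rrset walking toward the root; *.x is looked up as x."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    while labels:
        rrset = zone.get(".".join(labels))
        if rrset:
            return rrset
        labels = labels[1:]
    return []


def parse_issue_value(value):
    """'issuer-domain; k=v; ...' -> (issuer, params); the bare value ';' has an empty issuer."""
    parts = [p.strip() for p in value.split(";")]
    params = {}
    for p in parts[1:]:
        if p:
            k, _, v = p.partition("=")
            params[k.strip()] = v.strip()
    return parts[0].lower(), params


def record_permits(record, ca_domain, account_uri, method):
    """Does one issue/issuewild record authorise this CA, ACME account and method?"""
    issuer, params = parse_issue_value(record.value)
    if issuer != ca_domain.lower():
        return False            # names another CA, or nobody at all (';')
    if set(params) - KNOWN_PARAMS:
        return False            # conservative choice: unknown parameter = no match
    uri = params.get("accounturi")
    if uri is not None and uri != account_uri:
        return False            # RFC 8657: the ACME account URI must match exactly
    methods = params.get("validationmethods")
    if methods is not None and method not in {m.strip() for m in methods.split(",")}:
        return False            # RFC 8657: the method used must be one of those listed
    return True


def may_issue(zone, name, ca_domain, account_uri, method):
    """CA-side decision for one requested name (wildcards allowed)."""
    rrset = relevant_rrset(zone, name)
    # A critical record whose tag the CA does not understand blocks issuance outright.
    if any(r.flags & CRITICAL and r.tag.lower() not in ("issue", "issuewild", "iodef")
           for r in rrset):
        return False
    applicable = [r for r in rrset if r.tag.lower() == "issue"]
    if name.startswith("*."):   # issuewild records, when present, replace issue
        applicable = [r for r in rrset if r.tag.lower() == "issuewild"] or applicable
    if not applicable:
        return True             # no issue/issuewild records: CAA imposes no restriction
    return any(record_permits(r, ca_domain, account_uri, method) for r in applicable)


LE = "letsencrypt.org"
OWNER = "https://acme-v02.api.letsencrypt.org/acme/acct/1234567"     # constructed id
INTRUDER = "https://acme-v02.api.letsencrypt.org/acme/acct/9999999"  # constructed id


def scenarios():
    """Constructed requests against ZONE -> issuance decision."""
    return {
        "owner-tlsalpn": may_issue(ZONE, "www.example.org", LE, OWNER, "tls-alpn-01"),
        "owner-http01": may_issue(ZONE, "www.example.org", LE, OWNER, "http-01"),
        # dangling A record: intruder serves the IP, passes tls-alpn-01, wrong account
        "dangling-intruder": may_issue(ZONE, "old.example.org", LE, INTRUDER, "tls-alpn-01"),
        "other-ca": may_issue(ZONE, "www.example.org", "digicert.com", OWNER, "http-01"),
        # subdomain record replaces the apex policy: any LE account, but dns-01 only
        "mail-dns01": may_issue(ZONE, "mail.example.org", LE, INTRUDER, "dns-01"),
        "mail-http01": may_issue(ZONE, "mail.example.org", LE, OWNER, "http-01"),
        "wildcard": may_issue(ZONE, "*.example.org", LE, OWNER, "dns-01"),
        "legacy": may_issue(ZONE, "legacy.example.org", LE, OWNER, "tls-alpn-01"),
        "no-caa-anywhere": may_issue(ZONE, "example.net", LE, OWNER, "http-01"),
    }


if __name__ == "__main__":
    for label, ok in scenarios().items():
        print(f"{label:18} {'ISSUE' if ok else 'REFUSE'}")
```

Run directly it prints ISSUE or REFUSE per scenario. Two points worth taking from it: the dangling-record case is refused on the account URI even though whoever now holds the IP can complete the challenge, which is exactly the scenario the posts describe; and a CAA record on a subdomain replaces the apex policy rather than tightening it, so a subdomain record that omits accounturi silently reopens that name to any Let's Encrypt account. In zone-file form the apex record above is `example.org. IN CAA 0 issue "letsencrypt.org; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/1234567; validationmethods=tls-alpn-01"`. Caddy solves http-01 and tls-alpn-01 by default and dns-01 only with a DNS provider module, so validationmethods should list whichever of those the server is actually configured to use, or renewals will be refused.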