4 comments

[ 2.8 ms ] story [ 20.2 ms ] thread
There's a minor typo in the "copy and paste" segment, wherein the second hash is not surrounded by quotes. Regardless, this is great advice.

I trust Lets Encrypt. I don't trust many of the dozens of terrible CAs out there. Key pinning is one great step at mitigating that risk.

Thanks for the feedback, and I'm glad it's of use.

I'll get that typo fixed, though FWIW, it works without the quotes, since it's what validated on my servers. :)

Thanks for the update!

For the reference, I noted on my system, without the quotes, the SSLLabs test gave me a big error claiming the keys were invalid.

This looks great, I will try it when I switch to letsencrypt.