
discuss - Re: [opennic-discuss] Let's Encrypt

discuss AT

Subject: Discuss mailing list

  • From: Calum McAlinden <calum AT>
  • To: discuss AT
  • Subject: Re: [opennic-discuss] Let's Encrypt
  • Date: Mon, 04 Apr 2016 09:47:50 +0100

I don't think this would work. Validation of ICANN domains only is probably a requirement for certificate authorities to be included in major browsers and operating systems. If Let's Encrypt were to issue certificates to any non-ICANN domain, they would be removed from major browsers and this would render the certificates about as useful as CAcert's.

On Mon, 4 Apr, 2016 at 6:44 AM, Blixa Morgan <blixa AT> wrote:
Actually, from a cert signing side, Let's Encrypt should have a master cert that is valid for anything, including non-ICANN domains. What would prevent it from working is their domain validation service, which will attempt to connect to the domain name before approving the certificate. Since they do not currently use OpenNIC on their Let's Encrypt servers, they would get a DNS failure.

So all we would need to do is get them to set up a validation server that uses OpenNIC, and all should be good.

On Sun, Apr 3, 2016, 17:59 Carlo Stemberger <carlo.stemberger AT> wrote:
2016-04-03 21:42 GMT+02:00 Neal J. de Waard <inewbcake AT>:
No, they cannot issue certs to domains under TLDs not recognized by ICANN.

That's a pity. I see two possible solutions:

1) convince them to certify (at least) OpenNIC domains
2) create an alternative and convince Mozilla, Google etc. to consider their certificates as valid


