Hacker News new | past | comments | ask | show | jobs | submit login

If you’re doing DNS-based auth you don’t need to renew the certainly on the web-server at all.

You can generate them on a secure host (or container) which pushes the certs to the machines which needs them.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact