lets encrypt tls

Been using for a while now and now i using dns entries to validate , the certbot software (my blog\ is a lot better than it used to be as it does not stacktrace every two seconds.

Having to do multihost is also possible.- although tlsa records is something i have yet to automate in the zone files when the tls renewal happens.

Not that anybody checks those anyhow.

After the change of ownership of paid ssl providers to include a firm that hacks ssl/tls for governments this is not me being cheap but ethical – how safe are those issued certificates (ny blog) from the hacking firm also owned by the parent company.