Discussion on: What are the worst security practices you've ever witnessed?

Jérémy Lal

Some companies enforce (through CAA policy) the use of a certification authority of their choice to make SSL certificates.
While I was hosting a web site for them, I told them I had automatic renewal set up through an ACME client (using Let's Encrypt).
They wouldn't change their mind, and since they had no way to do automatic renewal, they'll mail me the website certificates whenever they expire :(
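
Added example, not part of the original comment: a sketch of how a CA evaluates CAA records (RFC 8659 rules), which is why an ACME client cannot obtain a Let's Encrypt certificate when the domain's policy names a different CA. The zone data, the `ca.example.net` issuer and the function names are constructed for illustration; `letsencrypt.org` is the issuer domain Let's Encrypt uses in CAA.

```python
# Added example: CAA evaluation (RFC 8659) over constructed records.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed zone data: name -> list of (flags, tag, value) CAA records.
ZONE = {
    "example.com": [(0, "issue", "ca.example.net"),
                    (0, "iodef", "mailto:security@example.com")],
    "locked.example.com": [(0, "issue", ";")],
    "wild.example.com": [(0, "issue", "letsencrypt.org"),
                         (0, "issuewild", "ca.example.net; account=123")],
}

def relevant_rrset(zone, fqdn):
    """Climb from fqdn toward the root; the first non-empty CAA RRset wins."""
    name = fqdn.lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]  # a wildcard request is checked at its base name
    labels = name.split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def caa_permits(zone, fqdn, ca_domain):
    """Return True if ca_domain may issue for fqdn under the zone's CAA policy."""
    rrset = relevant_rrset(zone, fqdn)
    # An unrecognized tag with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS
           for flags, tag, _ in rrset):
        return False

    def values_for(wanted):
        return [value for _, tag, value in rrset if tag.lower() == wanted]

    # issuewild replaces issue for wildcard names and is ignored otherwise.
    values = values_for("issuewild") if fqdn.startswith("*.") else []
    values = values or values_for("issue")
    if not values:
        return True  # no restricting property: CAA does not limit issuance
    # The issuer domain is the part before any ";" parameters; ";" alone
    # yields an empty issuer, which matches no CA.
    issuers = {value.split(";", 1)[0].strip().lower() for value in values}
    return ca_domain.lower() in issuers
```

Running `caa_permits(ZONE, "www.example.com", "letsencrypt.org")` before pointing an ACME client at a customer's domain shows whether the order would be refused at the CAA check.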