Get SPKI-hash
Let’s Encrypt Authority X4
curl https://letsencrypt.org/certs/lets-encrypt-x4-cross-signed.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64
Let’s Encrypt Authority X3
curl https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64
ISRG Root X1
curl https://letsencrypt.org/certs/isrgrootx1.pem | openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64
Add config to nginx
add_header Public-Key-Pins 'pin-sha256="X4-Hash"; pin-sha256="X3-Hash"; pin-sha256="X1-Hash"; max-age=15768000;';
Reload nginx
nginx -s reload
Latest posts by Kawin Viriyaprasopsook (see all)
- Convert flac audio to ogg/mp3 - 2020-12-20
- Fix systemd resolved not working (127.0.0.53) - 2019-09-23
- Safely remove SATA disk from a running Linux system - 2019-05-24