I think server software should handle certificates for you and clients should TOFU them. Dealing with certificates is annoying and dumb and the CAs are a cabal and we don't need any of that noise in our brave new Gemini future. My server implementation generates 1-year certificates on startup for any domain it's configured to service, and automatically rotates them. The admin isn't involved in this in any capacity, except to copy+paste the certificate store if they move between servers.
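An added example, not part of the original post and not the poster's server code: a sketch of the client side of TOFU when the server rotates its own certificates. The `TofuStore` class, its verdict strings, the re-pin-only-after-expiry policy, and the sample host, port and certificate bytes are all assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timezone

class TofuStore:
    """In-memory trust-on-first-use pin store keyed by (host, port). Hypothetical."""

    def __init__(self):
        self.pins = {}  # (host, port) -> (sha256 fingerprint, pinned cert expiry)

    def check(self, host, port, cert_der, not_after, now):
        """Return a verdict for the certificate a server just presented."""
        if now >= not_after:
            return "expired"                 # never pin or accept an expired cert
        fp = hashlib.sha256(cert_der).hexdigest()
        key = (host.lower(), port)
        pin = self.pins.get(key)
        if pin is None:
            self.pins[key] = (fp, not_after)
            return "first-use"               # nothing known yet: pin it
        pinned_fp, pinned_expiry = pin
        if fp == pinned_fp:
            return "match"
        if now >= pinned_expiry:
            # Assumed policy: the pinned cert has expired, so a new one is
            # treated as the scheduled rotation and replaces the pin.
            self.pins[key] = (fp, not_after)
            return "rotated"
        # A different cert while the pinned one is still valid: keep the old
        # pin and surface the change to the user instead of trusting silently.
        return "mismatch"

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def demo():
    # Constructed sample data: byte strings stand in for DER certificates.
    old, new, other = b"constructed-cert-A", b"constructed-cert-B", b"constructed-cert-C"
    host, port = "example.org", 1965
    s = TofuStore()
    return [
        s.check(host, port, old, utc(2022, 1, 1), utc(2021, 1, 1)),    # first-use
        s.check(host, port, old, utc(2022, 1, 1), utc(2021, 6, 1)),    # match
        s.check(host, port, other, utc(2022, 6, 1), utc(2021, 6, 1)),  # mismatch
        s.check(host, port, old, utc(2022, 1, 1), utc(2021, 6, 2)),    # match (pin kept)
        s.check(host, port, new, utc(2023, 1, 2), utc(2022, 1, 2)),    # rotated
        s.check(host, port, old, utc(2022, 1, 1), utc(2022, 1, 3)),    # expired
    ]

if __name__ == "__main__":
    print(demo())
```

Under this policy, a server that rotates before the old certificate's expiry date shows up to the client as a mismatch, so rotation timing and client policy have to agree.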