I think that the following should be added to the best practices, to aid newcomers in setting up TLS certificates properly:

- Certificates should use ECDSA, as Ed25519 is not widely supported.
- Certificates should specify both a Common Name and a Subject Alternative Name.
---
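One way to create and check a certificate that follows both recommendations in the post above, as an added example that is not part of the original post. The names `make_cert`, `lint_cert` and `example.org` are hypothetical, and OpenSSL 1.1.1 or later is assumed (for `-addext`).

```shell
#!/bin/sh
# Added example; make_cert, lint_cert and example.org are illustrative names.

# Create a self-signed ECDSA P-256 certificate whose CN and SAN are both $1.
# Writes $2/key.pem and $2/cert.pem. Assumes OpenSSL 1.1.1+ (for -addext).
make_cert() {
    host=$1; dir=$2
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 \
        -nodes -days 365 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" 2>/dev/null
}

# Check a PEM certificate against the two recommendations.
# Prints one line per problem; returns 0 only when none are found.
lint_cert() {
    cert=$1; rc=0
    text=$(openssl x509 -in "$cert" -noout -text) || return 2
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253)

    # Key type: OpenSSL reports ECDSA keys as id-ecPublicKey.
    case $text in
        *"Public Key Algorithm: id-ecPublicKey"*) ;;
        *) echo "key is not ECDSA"; rc=1 ;;
    esac
    # Common Name present in the subject DN.
    case $subject in
        *CN=*) ;;
        *) echo "no Common Name in subject"; rc=1 ;;
    esac
    # Subject Alternative Name extension with at least one DNS entry.
    case $text in
        *"X509v3 Subject Alternative Name"*DNS:*) ;;
        *) echo "no DNS Subject Alternative Name"; rc=1 ;;
    esac
    return $rc
}

# Demo on a throwaway certificate (constructed input).
tmp=$(mktemp -d)
make_cert example.org "$tmp" && lint_cert "$tmp/cert.pem" && echo "cert.pem: ok"
rm -rf "$tmp"
```

`lint_cert` can also be pointed at an existing server certificate to see which of the two recommendations it misses.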