I really like the acast custom signature tag
```
<acast:signature key="EXAMPLE" algorithm="aes-256-cbc"><![CDATA[wbG1Z7 6h9QOi CR1Dv0uQ==]]></acast:signature>
```
Found "Les actus du jour - Hugo Décrypte". So many things that are plain wrong in a single line.
new things i want to learn now:
- geoDNS to route people to nearby servers (why do all the geo DNS servers look kinda janky?)
- TLS via acme protocol / let's encrypt, but without certbot
Question about #Caddy: Does the acme_server db increase in size until disk saturation or is there a pruning mechanism somewhere to delete expired certificates?
I could not find any option regarding pruning, in the Caddyfile config, nor in the JSON config, and I failed to spot any in the source code...
I have a db file still containing certificates that are several months old. The db file was stored in a volume with very limited size and the db ended up filling it entirely (> 100MB) for 20 ACME clients. Chaos ensued.
#infosec #acme #devops