alexzorin

I think #4832 changed things around so that the root and intermediates are generated at runtime using the new ceremony tool. [PKI.md](https://github.com/letsencrypt/boulder/blob/master/test/PKI.md) got updated as well: >The private keys are...

Thank you. If the performance win is mainly around verifying JWS on non-account-related operations, would it be possible to exclude from the WFE cache the following? 1. `newAccount` with `onlyReturnExisting`...

Thank you!!! Turns out my initial confusion (where I had tried `__getattribute__` previously) had to do with my `python -d` REPL not including `DeprecationWarning` in its default filters. I thought...

Hello, >I'm using a hook, but sometimes I only want to know whether the cert was renewed, so I can take some action Could you elaborate on why `--deploy-hook` (or...

This is intentional, but I can see how it's confusing. One of the things `--dry-run`does is to set the server to `https://acme-staging-v02.api.letsencrypt.org/directory`, unless further overridden by `--server` (on the CLI...

There are some conflicts between having PKCS#11 support and how Certbot works. The regular way Certbot works, expects to have the private key on disk. Changing this assumption would be...

See also - #5828 for modifying renewal parameters without actually renewing - #5658 for invoking hooks on dry runs

There is more background about Linode scopes here: #8702. I still don't know what the truth of the matter is. Everybody is saying different things and I've never been able...

According to comments in https://github.com/acmesh-official/acme.sh/pull/4025, this provider is now fully defunct. Although this means there are no longer any legitimate users, I suppose we need to go through a deprecation...

It looks like `ipv6only` is currently the only `listen` parameter which (potentially) survives in `_make_server_ssl`. We could copy over other non-blacklisted (#6118) parameters.