https://learn.sparkfun.com/tutorials/max30105-particle-and-pulse-ox-sensor-hookup-guide/all

https://drive.google.com/drive/folders/0B5bwBE9A5dBXaExvdDExVFNrUXM

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested.

https://en.wikipedia.org/wiki/Server_Name_Indication

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites (or any other service over TLS) to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested.

https://en.wikipedia.org/wiki/Server_Name_Indication

According to the documentation, it is possible to tell certbot to reuse the same private key that already exists in the current certificate. Thus I have been running the following command to renew certificates:

certbot renew
–rsa-key-size 4096
–no-self-upgrade
–dns-route53
–noninteractive
–reuse-key
–post-hook ‘systemctl reload nginx.service’

Nevertheless, the cert.pem is modified after this operation – when diffing it with its version before renewal. I would expect it not to change at all since the private key is being reused.

I need to reuse the same public key in order to avoid pinning issues with IOS, is there a way to actually preserve it?

https://community.letsencrypt.org/t/certbot-reuse-key-flag-does-not-preserve-public-key/101049

https://www.thesslstore.com/blog/ssl-certificate-still-sha-1-thumbprint/

https://community.letsencrypt.org/t/does-the-thumbprint-change-every-3-months/94083

9I’m going to be working on this much-delayed feature next week, but I agree with the suggestion to use another ACME client for now. Right now the only way to do this with Certbot is to create a CSR using the old key and then use --csr (which won’t work with certbot renew, so it’s less convenient).

sudo certbot certonly –csr /etc/letsencrypt/csr/csr-certbot.pem

https://community.letsencrypt.org/t/how-to-recreate-lets-encrypt-certificate-with-public-key-from-the-past/60096

https://www.internetsociety.org/blog/2016/03/lets-encrypt-certificates-for-mail-servers-and-dane-part-2-of-2/