On Sun, Jan 10, 2021 at 11:22 PM Ángel <an...@pgp.16bits.net> wrote:
>
> On 2021-01-10 at 18:47 +0100, Stefan Claas via Gnupg-users wrote:
> > Can you tell me/us in laymen terms how this works with gnupg.org?
> >
> > openpgpkey.gnupg.org has address 217.69.77.222
> > openpgpkey.gnupg.org has IPv6 address 2001:aa8:fff1:100::22
> >
> > Regards
> > Stefan
>
> Sure. Let's suppose you wanted to fetch Werner's key. You want the key
> for w...@gnupg.org. Using --with-wkd-hash parameter, we can see that this
> would generate nq6t9teux7edsnwdksswydu4o9i5e...@gnupg.org
>
> Then, the key of Werner lives at
> https://openpgpkey.gnupg.org/.well-known/openpgpkey/gnupg.org/hu/nq6t9teux7edsnwdksswydu4o9i5es3f
>
> If openpgpkey.gnupg.org didn't exist, then it would use the direct schema, in
> which the key would be at
> https://gnupg.org/.well-known/openpgpkey/hu/nq6t9teux7edsnwdksswydu4o9i5es3f

Thanks, so I think the culprit could be that maybe the specs were changed, when I look at your links, including the gnupg.org domain as a folder, which I never set up when doing this for my 300baud.de domain. I checked also older WKD tutorials on the Internet and they do not mention a domain folder either.

I tried to include this domain folder, this morning, named sac001, but it did not work either, whether with GnuPG or sequoia-pgp.

So my guess is that GnuPG gives this cert error because it does not support wildcard subdomains, included in an SSL cert, like the GitHub one. Not sure if Let's Encrypt issues such certs. If so, I could set up two droplets at Digital Ocean, a bob.300baud.de one and an alice.300baud.de one, and see what happens.

Regards
Stefan

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users