@letsencrypt Hey.

@winniehell @julijane Because those are the rules of webpki. You can not distinguish between a key that was compromised by accident and by choice. So a private key that showed up in public is considered compromised and needs to be replaced.

Fix: use your own domain and generate a certificate for a name that points to localhost. With Let's Encrypt and ACME this is completely automatic.

@wonka @benbe Or just use the procedure in https://letsencrypt.org/docs/revoking/.

@letsencrypt Hey. What would you say about https://get.localhost.direct/? They share a Lets Encrypt wildcard cert and corresponding private key with everybody.

crt.sh | 15227323293

Free CT Log Certificate Search Tool from Sectigo (formerly Comodo CA)

(crt.sh)

@simon Hmm, my Chromium 126 does not even allow me to access the `chrome.runtime` API from any page. It is also mentioned that this API is for extensions and content scripts, aka not for plain pages.