Hacker News new | ask | show | jobs
by SahAssar 1100 days ago
> Besides that, you can't get HTTPS for these domains (without the mess of a custom CA and even then you'll run into CT issues)

Of course you can, you just cant use HTTP validation for it. Use DNS validation and it works fine.
1 comments
jeroenhd 1100 days ago
Not if you don't control the DNS. I don't know who controls fbi.com but I sure can't get a trusted certificate for it
link
SahAssar 1100 days ago
That was not the point you made in the original post. You said

> Besides that, you can't get HTTPS for these domains (without the mess of a custom CA and even then you'll run into CT issues) so development doesn't even reflect real life deployments. Secure origins matter!

So you can absolutely make development match deployments.

link