Scott Helme offers insights into web security, HTTPS adoption, and best practices for securing online services, providing articles, workshops, and security tools to help organizations protect against cyber threats. By exploring Scott Helme's curated content, developers can learn about HTTP security headers, Content Security Policy (CSP), and TLS encryption for securing web applications and APIs. Whether you're a web developer, sysadmin, or security professional, Scott Helme offers resources to enhance your cybersecurity knowledge and defend against common vulnerabilities.

Scott Helme

DNS-PERSIST-01 is a new domain control validation method arriving in 2026 that allows certificate authorities to issue certificates based on a single, static DNS record rather than dynamic challenges. Unlike existing methods (HTTP-01, DNS-01, TLS-ALPN-01) that require real-time responses, this approach lets you set one persistent TXT record specifying your ACME account and policy preferences. While it significantly reduces complexity for certificate automation—especially valuable as certificate lifetimes shrink to 47 days by 2029—it raises security concerns around ACME account credential protection and the permanence of validation records. The specification recommends setting expiration dates and regularly refreshing records to balance convenience with security.

DNS-PERSIST-01; Handling Domain Control Validation in a short-lived certificate World

<p>This  has the potential to reduce complexity with the domain setup for public services running in my homelab quite a bit.</p>
<p>Looking forward to use it</p>
