From 92759fcca51c20da39b2c44a90f84637d3d34748 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Fri, 16 Jan 2026 14:07:44 +0100 Subject: [PATCH] doc/netwatch-dns: give hint on multiple certificates --- doc/netwatch-dns.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/netwatch-dns.md b/doc/netwatch-dns.md index 286fe474..73829974 100644 --- a/doc/netwatch-dns.md +++ b/doc/netwatch-dns.md @@ -64,11 +64,13 @@ Be aware that you have to keep the ip address in sync with real world manually! Importing a certificate automatically is possible. You may want to find the -[certificate name from browser](../CERTIFICATES.md). +[certificate name from browser](../CERTIFICATES.md). Sometimes a service +randomly switches the CA used to issue the certificate, or it just depends +geolocation - give several certificate delimited with colon (`:`) then. /tool/netwatch/add comment="doh, doh-cert=SSL.com Root Certification Authority ECC" host=1.1.1.1; /tool/netwatch/add comment="doh, doh-cert=DigiCert Global Root G3" host=9.9.9.9; - /tool/netwatch/add comment="doh, doh-cert=GTS Root R1" host=8.8.8.8; + /tool/netwatch/add comment="doh, doh-cert=GTS Root R1:GTS Root R4" host=8.8.8.8; > ⚠️ **Warning**: Combining these techniques can cause some confusion and > troubles! Chances are that a service uses different certificates based
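Review bot: The sentence added before the `/tool/netwatch/add` examples has two wording errors and leaves the list syntax underspecified. "or it just depends geolocation" is missing "on", and "give several certificate delimited with colon" should read "give several certificates delimited with a colon". Suggested wording: "Sometimes a service randomly switches the CA used to issue the certificate, or it depends on geolocation. Give several certificates delimited with a colon (`:`) then." The changed 8.8.8.8 line (`doh-cert=GTS Root R1:GTS Root R4`) has no whitespace around the colon, while the certificate names themselves contain spaces, so the text should state that the delimiter must be written without surrounding spaces. Because this paragraph is about importing certificates automatically, every name in the list is one more CA certificate brought in for that host. A short hint to list only the CAs actually observed for the service would keep the set narrow. The new sentence also overlaps with the warning that follows about services using different certificates, so consider pointing from one to the other rather than stating it twice.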