Certificate pinning?

Also all let’s encrypt certs are public. So if someone malicious gets a cert for your domain, you can notice.

(Thats also why it may be a bad idea to use that for secretButPublicStuff.Yourdomain.com certificate transparency logs are a great way to find attack surface.)

edit oh certificate pinning has been deprecated in favor of checking transparency logs.

Note: every file on Ipfs is unencrypted and semi-public unless you encrypt before upload.