Instead of letting gentlsa.py connect to every possible service/server to get the certificate hash, how about specifying a local path to the certificate? This makes sense if a certbot is running on the local machine (gentlsa.py is probably often used as hook in conjunction with a certbot).
From a security point of view, it's good to avoid unnecessary network connections. Also, outbound network connections could be a possible reason for failure, in case the target/service cannot be reached for some reason.
Thank you :)
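What the request describes, as an added example that is not code from gentlsa.py: the TLSA rdata is derived from a local PEM file with no network connection. The function names, the `3 1 1` defaults and the sample input are assumptions; the sample is a constructed stand-in with the X.509 field layout, not a real certificate.

```python
import hashlib
import re
import ssl
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def _tlv(buf, off):
    """Return (tag, value_start, element_end) of the DER element at off."""
    length, pos = buf[off + 1], off + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return buf[off], pos, pos + length

def spki_der(cert):
    """Slice SubjectPublicKeyInfo out of a DER X.509 certificate (RFC 5280 layout)."""
    _, pos, _ = _tlv(cert, 0)               # step into Certificate
    _, pos, _ = _tlv(cert, pos)             # step into tbsCertificate
    tag, _, end = _tlv(cert, pos)
    if tag == 0xA0:                         # skip the optional [0] version field
        pos = end
    for _field in range(5):                 # serial, signature, issuer, validity, subject
        pos = _tlv(cert, pos)[2]
    return cert[pos:_tlv(cert, pos)[2]]

def tlsa_rdata(pem_text, usage=3, selector=1, mtype=1):
    """TLSA rdata (RFC 6698) for the first certificate found in pem_text."""
    m = PEM_RE.search(pem_text)             # a chain file holds several certs; use the first
    if m is None:
        raise ValueError("no PEM certificate found")
    der = ssl.PEM_cert_to_DER_cert(m.group(0))
    data = spki_der(der) if selector == 1 else der
    hashed = {0: data.hex(), 1: hashlib.sha256(data).hexdigest(),
              2: hashlib.sha512(data).hexdigest()}[mtype]
    return f"{usage} {selector} {mtype} {hashed}"

def _der(tag, body):                        # builds the constructed sample only
    return bytes([tag, len(body)]) + body

# Constructed stand-in with the X.509 field layout; not a real certificate.
TOY_SPKI = _der(0x30, b"constructed-key")
TOY_TBS = _der(0x30, _der(0xA0, _der(2, b"\x02")) + _der(2, b"\x01")
               + _der(0x30, b"") * 4 + TOY_SPKI)
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(_der(0x30, TOY_TBS + _der(0x30, b"") + _der(3, b"\x00")))

if __name__ == "__main__":
    # The path argument is an assumption (e.g. certbot's cert.pem); without it the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_PEM
    print(tlsa_rdata(text))
```

When the file is a chain with the leaf certificate first, only that first certificate is hashed.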