I’m having an easy time of adding the primary pin, since I can hash the existing certificate. But I need a valid backup pin.
I read something about using an upstream pin, such as the CA certificate, and so on, but those don’t look to be valid pins. It seems that in real world, the certificate process is handled locally and you’d have a CSR generated and ready to use when it comes to generating a new certificate. This isn’t the case for Cloudflare users.
What should the backup pin be? For now, I generated my own CSR, etc, but I doubt it will work as a backup pin.