Hello sirs.. Trying hard to get my head around some understanding of this HPKP stuff. When a site is created in CMM - it also gets HPKP generated commented out - like this: Code: #add_header Public-Key-Pins 'pin-sha256="iAohr08REOhE8EBXYthVZyxrIE/yuZbTNz/8+c5JBeE="; pin-sha256="bgLN5U0V2ougSd/t2WghRaaU8Yx3xMTMxNOp0bHqHiI="; max-age=86400'; My question is - If I replace the self-signed certificate with one from, lets say letsencrypt or Comodo, do I still use the auto-generated HPKP keys or do I need to generate another one and replace it? As now I think I need to replace it because that key is generated out of the self-signed crt, right? If I need to replaced it - what is the command to do so? Have found something like this but is that correct? Code: openssl x509 -pubkey < MyOwn.crt | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64 Hope for some feedback from anyone who have fiddle with that or can point me in some directions. Thanks in advance for participate.