probably best to have a section listing ways to protect yourself in general

Sure

Sign up to https://nostr.land and protect your DMs with NIP-42

Anyway, use LE. Ask for a limit increase if you think you will do a high volume. Use the renewal API which is exempt from ratelimits when renewing

You can’t An intermediate can issue certs for any domain so unless you are committed to being certified as being compliant to CA/B rules which will require a lot of expensive people and hardware, and can pay up big $$ to an existing root CA to sign your intermediate, forget about it Many “custom intermediates” are ones they manage fully for you, and only act as a whitelabeling service so the issuer is “Your Name” and not “EvilTrust Certificate Authority”

Why do you need an intermediate? That would basically be running your own *public* CA and would have all the requirements of that. You are stuck with LE or creating your own root

this applies to here as well…

notified about what specifically?

nostr.land export is the only one worth using, no options to wrangle with or waiting a very long time to scan all relays:

we need better split tunneling in VPN apps

fully custom tooling