Thanks. The first link appears to have the correct sha1sum for the new certificate. As noted, you can find the tweet for that in the Duckco twitter account (, if you don't want to just follow a link from the thread here.

The second links just leads to a 404 error, however.

It's hard to believe there's not a better way to deal with verifying the certificate and that DuckDuckGo does so little to make that information easy to find. What's the point of encrypted communication, if people just have to randomly accept certificates with no obvious way to verify the validity? I imagine most people just hit the "accept" button and don't think about that they could be completely undermining their encryption.
posted by <hidden> • 4 years and 1 month ago Link