I finally got around to auto-publishing 311 tlsas when my le certs renew. (One-handed typing really sucks.) In doing that I added a column to keep track of the notafter for the cert associated with each tlsa, and plan a daily cron job to delete old ones.
Is there any value in waiting until some time after the associated cert's notafter before deleting a 311 tlsa? Assuming of course that a replacement is in place....

Automating signals to the daemons to use the new certs comes next. For now that step remains manual. I am thinking of waiting a day or so before triggering the cert reloads.

-JimC
--
James Cloos <cl...@jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
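
A sketch of the daily prune job described in the message above, as an added example that is not part of the original post. The table layout, owner names and digest strings are constructed placeholders, and the grace period after notAfter is a parameter; a record is only removed when the same owner name still has a record for an unexpired certificate.

```python
import sqlite3
from datetime import datetime, timedelta, timezone

def ts(y, m, d):
    """UTC midnight of the given date as epoch seconds."""
    return int(datetime(y, m, d, tzinfo=timezone.utc).timestamp())

def sample_db():
    """In-memory table with constructed rows; schema and names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tlsa (id INTEGER PRIMARY KEY, owner TEXT,"
               " digest TEXT, not_after INTEGER)")
    db.executemany(
        "INSERT INTO tlsa (owner, digest, not_after) VALUES (?, ?, ?)",
        [
            # renewed: expired record plus its replacement
            ("_25._tcp.mail.example.net", "aa11", ts(2024, 6, 1)),
            ("_25._tcp.mail.example.net", "bb22", ts(2024, 8, 30)),
            # expired with no replacement published: must survive the prune
            ("_443._tcp.www.example.net", "cc33", ts(2024, 6, 5)),
            # mid-rollover: both certificates still valid
            ("_25._tcp.mx2.example.net", "dd44", ts(2024, 7, 15)),
            ("_25._tcp.mx2.example.net", "ee55", ts(2024, 9, 15)),
        ])
    return db

def prune_expired_tlsa(db, now, grace=timedelta(0)):
    """Delete rows whose cert expired more than `grace` before `now` (epoch
    seconds), but only if the owner still has a row valid at `now`.
    Returns the (owner, digest) pairs that were removed."""
    cutoff = now - int(grace.total_seconds())
    rows = db.execute(
        """SELECT id, owner, digest FROM tlsa AS old
           WHERE old.not_after < :cutoff
             AND EXISTS (SELECT 1 FROM tlsa AS cur
                         WHERE cur.owner = old.owner
                           AND cur.not_after > :now)
           ORDER BY id""",
        {"cutoff": cutoff, "now": now}).fetchall()
    db.executemany("DELETE FROM tlsa WHERE id = ?", [(r[0],) for r in rows])
    db.commit()
    return [(r[1], r[2]) for r in rows]

if __name__ == "__main__":
    now = ts(2024, 6, 10)
    print(prune_expired_tlsa(sample_db(), now))
    print(prune_expired_tlsa(sample_db(), now, grace=timedelta(days=14)))
```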