On Wed, Nov 15, 2023 at 09:44:18PM +0900, Byung-Hee HWANG via Postfix-users <postfix-users@postfix.org> wrote:
> Thank you for notifying us. Also i'm using 211 TLSA record. > > Honestly, 311 it was not easy to set up to me. > > Sincerely, Byung-Hee As Viktor pointed out, you're not affected, but if you want to use "3 1 1", and you use certbot for your LetsEncrypt certificates, as well as Viktor's danebot program (https://github.com/tlsaware/danebot), my danectl program makes it easy (https://github.com/raforg/danectl). With danectl, you still have to publish/remove the DNS records it tells you to, but it comes with a couple of DNS output adapters to help (for Bind9 zonefiles and for nsupdate). I'm happy to add more DNS output adapters if anyone needs them (and can supply it or help me write and test it). It seems there's another danebot program (https://github.com/stuvusIT/danebot) that (only) works with nsupdate. I don't know enough about it to recommend it or not. cheers, raf _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org
