See my attempt. https://skippy.org.uk/lets-encrypt-postfix-and-dovecot/
Sent from my iPhone > On 19 Apr 2016, at 14:51, Danny Horne <da...@trisect.uk> wrote: > > Can anyone follow up on this? In other words, are any of you using > Let's Encrypt certificates with any of the TLSA options written about? > > I'm considering moving to LE but would like some feedback (last post on > this thread was four months ago so early adopters should have > experienced a renewal by now) > > On 14/12/2015 10:03 pm, Viktor Dukhovni wrote: >>> On Dec 14, 2015, at 2:57 PM, Jacob Hoffman-Andrews <j...@eff.org> wrote: >>> >>>> On 12/14/2015 11:23 AM, Viktor Dukhovni wrote: >>>> May I ask for your help in providing configuration guidance to LE >>>> users who also plan to publish DANE TLSA records. >>> I'd be happy to help, but am a little constrained on time. If you've got >>> time, would you mind posting a quick explanation at >>> https://community.letsencrypt.org/c/server-config of why "3 0 1" records >>> are risky with LE certificates, and the alternatives? I think the email >>> below is a good start, and if you prefer not to create an account on our >>> forums I could repost it with permission. I'll then pin the post for >>> some time to make people see it. >> Thanks. >> >> https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022 > >
