On Tue, Apr 19, 2016 at 02:51:58PM +0100, Danny Horne wrote:

> Can anyone follow up on this? In other words, are any of you using
> Let's Encrypt certificates with any of the TLSA options written about?

In my survey of 12000 DANE TLSA-enabled domains 545 are using LE
certificates. The most complete how-to style write up is at:

    https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022

> I'm considering moving to LE but would like some feedback (last post on
> this thread was four months ago so early adopters should have
> experienced a renewal by now)

See also:

    https://www.ietf.org/mail-archive/web/uta/current/msg01498.html

and consider publishing both "2 1 1" and "3 1 1" records, and monitoring
both to make sure both match your chain.

Also make sure your "whois" or DNS SOA email contact address is
correct and read by the postmaster. Something might go wrong, and
it is important to be reachable by email.

-- 
    Viktor.
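
One way to do the monitoring suggested above, as an added example that is not part of the original message: hash the SubjectPublicKeyInfo of each certificate in the served chain and compare it with the published "3 1 1" and "2 1 1" records. The function names, the `(usage, selector, mtype, hex)` record tuples and the DER-shaped sample certificates are assumptions constructed for the illustration; fetching the chain and the TLSA RRset is left out.

```python
import hashlib

def _tlv(buf, pos):
    """Return (tag, value_start, end) for the DER element starting at pos."""
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[start:start + n], "big")
        start += n
    return tag, start, start + length

def spki_sha256(cert_der):
    """Hex SHA-256 of the DER SubjectPublicKeyInfo (TLSA selector 1, matching type 1)."""
    _, pos, _ = _tlv(cert_der, 0)              # enter Certificate
    _, pos, _ = _tlv(cert_der, pos)            # enter tbsCertificate
    tag, _, end = _tlv(cert_der, pos)
    if tag == 0xA0:                            # skip optional [0] version
        pos = end
    for _i in range(5):                        # serial, sig alg, issuer, validity, subject
        _, _, pos = _tlv(cert_der, pos)
    _, _, end = _tlv(cert_der, pos)            # SubjectPublicKeyInfo TLV
    return hashlib.sha256(cert_der[pos:end]).hexdigest()

def check_tlsa(chain_der, tlsa_rrs):
    """chain_der: [leaf, issuer, ...] as DER; tlsa_rrs: (usage, selector, mtype, hex) tuples (assumed shape)."""
    leaf = spki_sha256(chain_der[0])
    issuers = {spki_sha256(c) for c in chain_der[1:]}
    want = lambda u: {d.lower() for (us, s, m, d) in tlsa_rrs if (us, s, m) == (u, 1, 1)}
    return {"3 1 1": leaf in want(3), "2 1 1": bool(issuers & want(2))}

def _der(tag, body):                           # short-form encoder, sample data only
    return bytes([tag, len(body)]) + body

def sample_cert(key_bytes):
    """Constructed DER-shaped stand-in for a certificate (unsigned, not a real cert)."""
    spki = _der(0x30, _der(0x30, b"") + _der(0x03, b"\x00" + key_bytes))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + _der(0x30, b"") * 4 + spki)
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00")), spki

if __name__ == "__main__":
    ca, ca_spki = sample_cert(b"issuerk1")
    old_leaf, old_spki = sample_cert(b"leafkey1")
    new_leaf, _ = sample_cert(b"leafkey2")     # constructed: leaf key replaced at renewal
    rrs = [(3, 1, 1, hashlib.sha256(old_spki).hexdigest()),
           (2, 1, 1, hashlib.sha256(ca_spki).hexdigest())]
    print(check_tlsa([old_leaf, ca], rrs))     # both records match the chain
    print(check_tlsa([new_leaf, ca], rrs))     # stale "3 1 1", "2 1 1" still matches
```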