You might find this useful:
https://github.com/zzz2002/Certbot_TLSAgen_Hook
I wrote it to address a similar problem.
If there is a problem with it, let me know and I will try to fix it. I
had intended to add other update mechanisms, but I have not had time to
get working on them.
John A
On 6/30/2017 8:06 PM, /dev/rob0 wrote:
On Wed, Apr 20, 2016 at 01:19:29PM -0500, I wrote:
On Wed, Apr 20, 2016 at 03:53:24PM +0000, Viktor Dukhovni wrote:
[ LE certificate expired, DANE notification received ]
My temporary fix was to remove the TLSA records, sorry. I cannot
risk losing mail as my poor brain tries to digest all this. :)
14 months later I got back to this. :)
I'm going to consider my options here before I replace the TLSA
records. I am thinking I only want my LE cert on submission (so
that MUAs will be able to verify it) and to replace my port 25 cert
with one from my own private CA.
And this is what I have done, initially on domain nodns4.us, but
several other zones are signed and will be using TLSA records.
Thanks again for all your work on DANE and Postfix.
Thanks also to P@rick and the sys4.de gang for the validation site.
Question: I noticed my domain in a drop-down list there. Is the
validation site maintaining a list of DANE-enabled and former DANE
zones? IOW, should I drop a note to Viktor when adding more zones,
or is the validation site taking care of that?