* Erwan David:
> Does it handle restarting/reloading a program when changing the
> certificate? Postfix does not need it, but dovecot does.

LetsDNS does not obtain or change TLS certificates, because that's what specialised ACME clients like "dehydrated" or "certbot" are for. A hook function in one of these clients would be a reasonable place to restart a service.

LetsDNS generates and/or publishes DANE TLSA records matching the certificates it reads. The example configuration I provided shows how this can be used to gracefully roll over certificates when using a staging mechanism.

The DANE Users mailing list <dane-us...@sys4.de> is probably better suited for further discussion of this subject.

-Ralph