* Erwan David: > as you can see, let'sDNS would have to act in cooperation with the > certificate update.
Which is exactly why I launch LetsDNS from a "dehydrated" hook whenever the latter has obtained a new certificate, but before that certificate is moved from staging into production. This allows publishing TLSA records for the queued certificate hours or days before it becomes active. Again, https://github.com/LetsDNS/letsdns/discussions seems like a better place to discuss this than the Postfix mailing list. -Ralph
