I changed the preferred chain here, and for all my domains (thx o/ !).
it certainly didn't hurt.
Presumably you then also *force* renewed the certificate chain.
yes
After the dns cleanup, switching BACK the preferred chain didn't
reinit the issue.
Did you *force* renewal at that point?
ah. i think so ... worth a repeat.
In any case, I want to set up a DNSSEC rollover 'canary' ...
tool/script that'll notify me on failures, like "this". Before I cobble
something up from scratch -- is there a recommended/best-practice tool
for the job?
See
https://github.com/baknu/DANE-for-SMTP/wiki/2.-Implementation-resources#221-deployment-and-monitoring
Perhaps, specifically: https://github.com/PennockTech/smtpdane but let
us know which worked out best for you.
hadn't seen those. thx for the useful refs!
However, perhaps simple is best in which case tweak the attached bash
shell script to meet your needs.
thxalot o/
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
