You might find this useful
https://github.com/zzz2002/Certbot_TLSAgen_Hook I wrote it to address a
similar problem.
if there is a problem with it let me know and I will try to fix it. i
had intended to add other update mechanisms, but i have not had time to
get working on them.
John A
On
On Fri, Jun 30, 2017 at 07:06:20PM -0500, /dev/rob0 wrote:
> [ LE certificate expired, DANE notification received ]
>
> > My temporary fix was to remove the TLSA records, sorry. I cannot
> > risk losing mail as my poor brain tries to digest all this. :)
>
> 14 months later I got back to this.
On Wed, Apr 20, 2016 at 01:19:29PM -0500, I wrote:
> On Wed, Apr 20, 2016 at 03:53:24PM +, Viktor Dukhovni wrote:
[ LE certificate expired, DANE notification received ]
> My temporary fix was to remove the TLSA records, sorry. I cannot
> risk losing mail as my poor brain tries to digest all
On Wed, Apr 20, 2016 at 03:53:24PM +, Viktor Dukhovni wrote:
> If any of this encourages some readers of this list to deploy
> DNSSEC+DANE, I urge you to make sure that:
>
> * You have publically discoverable email contact addresses
> either via "whois", or the "mrname" of DNS SOA re
On 19/04/2016 4:19 pm, Dirk Stöcker wrote:
> In case you do not know:
>
> There are two other options for free domain verified certificates:
>
> https://www.startssl.com/ - per cert: 1 domain, 1 year
> https://buy.wosign.com/free/?lan=en - per cert: up to 5 domains, 1-3
> years
>
> Ciao
Thanks f
On Tue, Apr 19, 2016 at 04:23:08PM +, Viktor Dukhovni wrote:
> > >In my survey of 12000 DANE TLSA-enabled domains 545 are using LE
> > >certificates.
> >
> > Is this compared to the ~9600 in December last year? That would be 25%
> > increase in your survey?
>
> Yes, but some of that is due t
On Tue, Apr 19, 2016 at 05:19:50PM +0200, Dirk Stöcker wrote:
> >In my survey of 12000 DANE TLSA-enabled domains 545 are using LE
> >certificates.
>
> Is this compared to the ~9600 in December last year? That would be 25%
> increase in your survey?
Yes, but some of that is due to new methods to
On Tue, 19 Apr 2016, Viktor Dukhovni wrote:
On Tue, Apr 19, 2016 at 02:51:58PM +0100, Danny Horne wrote:
Can anyone follow up on this? In other words, are any of you using
Let's Encrypt certificates with any of the TLSA options written about?
In my survey of 12000 DANE TLSA-enabled domains
On Tue, Apr 19, 2016 at 02:51:58PM +0100, Danny Horne wrote:
> Can anyone follow up on this? In other words, are any of you using
> Let's Encrypt certificates with any of the TLSA options written about?
In my survey of 12000 DANE TLSA-enabled domains 545 are using LE
certificates.
The most comp
On 19/04/2016 3:51 pm, Philip McGaw wrote:
> See my attempt.
>
> https://skippy.org.uk/lets-encrypt-postfix-and-dovecot/
>
> Sent from my iPhone
>
>
Are you using TLSA records though? That was what I really wanted
feedback on
signature.asc
Description: OpenPGP digital signature
See my attempt.
https://skippy.org.uk/lets-encrypt-postfix-and-dovecot/
Sent from my iPhone
> On 19 Apr 2016, at 14:51, Danny Horne wrote:
>
> Can anyone follow up on this? In other words, are any of you using
> Let's Encrypt certificates with any of the TLSA options written about?
>
> I'm
Can anyone follow up on this? In other words, are any of you using
Let's Encrypt certificates with any of the TLSA options written about?
I'm considering moving to LE but would like some feedback (last post on
this thread was four months ago so early adopters should have
experienced a renewal by
> On Dec 14, 2015, at 2:57 PM, Jacob Hoffman-Andrews wrote:
>
> On 12/14/2015 11:23 AM, Viktor Dukhovni wrote:
>> May I ask for your help in providing configuration guidance to LE
>> users who also plan to publish DANE TLSA records.
>
> I'd be happy to help, but am a little constrained on time.
On 12/14/2015 11:23 AM, Viktor Dukhovni wrote:
> May I ask for your help in providing configuration guidance to LE
> users who also plan to publish DANE TLSA records.
I'd be happy to help, but am a little constrained on time. If you've got
time, would you mind posting a quick explanation at
https:
On Sat, Dec 05, 2015 at 04:23:16PM -0800, Jacob Hoffman-Andrews wrote:
> On 12/04/2015 11:54 AM, Viktor Dukhovni wrote:
> > Can anyone using LE automated rotation check whether the key stays the
> > same or not?
>
> It is up to the user. The official client will generate new keys for
> each issua
On Sun, Dec 06, 2015 at 12:38:21AM +, Viktor Dukhovni wrote:
> My DANE SMTP survey has so far found 19 domains with 11 distinct
> LE certificates, whose expiration dates are:
>
>2 ; Expiration = 2016-02-01T10:02:00Z
>1 ; Expiration = 2016-02-02T14:15:00Z
>1 ; Expiration = 2016-02-
On Sat, Dec 05, 2015 at 04:23:16PM -0800, Jacob Hoffman-Andrews wrote:
> On 12/04/2015 11:54 AM, Viktor Dukhovni wrote:
> > Can anyone using LE automated rotation check whether the key stays the
> > same or not?
>
> It is up to the user. The official client will generate new keys for
> each issua
On 12/04/2015 11:54 AM, Viktor Dukhovni wrote:
> Can anyone using LE automated rotation check whether the key stays the
> same or not?
It is up to the user. The official client will generate new keys for
each issuance by default, but you can provide a CSR for an existing key
using the --csr flag.
[ FYI, based on text from a recent post to the dane-us...@sys4.de list ]
> Something else to keep in mind with the Let's Encrypt certificates is
> that they have a 90-day lifetime with the automatic renewal process
> starting at sixty days.
Automated replacement might make them entirely unfit for
19 matches
Mail list logo
