Re: PLEASE NOTE: Upcoming changes in Let's Encrypt issuer certificates

2020-09-21 Thread Viktor Dukhovni
On Mon, Sep 21, 2020 at 08:20:07AM -0400, micah anderson wrote:
> > Please note that the Let's Encrypt intermediate CA certificate "X3" will soon be
> > phased out in favour of "R3" and "E1" which have new keys, and so any DANE TLSA
> > "2 1 1" records matching "X3" will not match "R3" o

Re: PLEASE NOTE: Upcoming changes in Let's Encrypt issuer certificates

2020-09-21 Thread patpro
September 21, 2020 10:13 AM, "Viktor Dukhovni" wrote:
> On Mon, Sep 21, 2020 at 08:09:25AM +, pat...@patpro.net wrote:
>
>> Just to ensure I've understood this well: if I'm using "3 1 1" I don't
>> need to change anything, right?
>
> Correct. But in that case, see:
>
> https://mail.sys4.d

Re: PLEASE NOTE: Upcoming changes in Let's Encrypt issuer certificates

2020-09-21 Thread Viktor Dukhovni
On Mon, Sep 21, 2020 at 08:09:25AM +, pat...@patpro.net wrote:
> Just to ensure I've understood this well: if I'm using "3 1 1" I don't
> need to change anything, right?
Correct. But in that case, see:
https://mail.sys4.de/pipermail/dane-users/2018-February/000440.html
which describes

Re: PLEASE NOTE: Upcoming changes in Let's Encrypt issuer certificates

2020-09-21 Thread patpro
Hello,
Just to ensure I've understood this well: if I'm using "3 1 1" I don't need to change anything, right?
thanks
patpro
September 21, 2020 9:49 AM, "Viktor Dukhovni" wrote:
> On Mon, Sep 21, 2020 at 04:22:42AM -0200, Viktor Dukhovni wrote:
>
>> Links to the actual certificates can be fo

Re: PLEASE NOTE: Upcoming changes in Let's Encrypt issuer certificates

2020-09-21 Thread Viktor Dukhovni
On Mon, Sep 21, 2020 at 04:22:42AM -0200, Viktor Dukhovni wrote:
> Links to the actual certificates can be found at:
>
> https://letsencrypt.org/certificates/
> https://letsencrypt.org/certs/lets-encrypt-r3.pem
> https://letsencrypt.org/certs/lets-encrypt-e1.pem
>
> The "2 1 1"

PLEASE NOTE: Upcoming changes in Let's Encrypt issuer certificates

2020-09-20 Thread Viktor Dukhovni
Please note that the Let's Encrypt intermediate CA certificate "X3" will soon be phased out in favour of "R3" and "E1" which have new keys, and so any DANE TLSA "2 1 1" records matching "X3" will not match "R3" or "E1".
https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html
If you a