Please take care when deploying Let's Encrypt certificates...
ietf-dane at dukhovni.org
Fri Nov 20 01:58:53 CET 2015
If you've published DANE TLSA records for your current certificate
chain, and are considering switch to Let's Encrypt issued certificates,
please do not forget:
I've seen more than one of the early adopters of LE certificates
neglect to update their TLSA records (a few TTLs) *before* deploying
the new LE certificate chain.
More information about the dane-users