Please take care when deploying Let's Encrypt certificates...

Viktor Dukhovni ietf-dane at dukhovni.org
Fri Nov 20 01:58:53 CET 2015


If you've published DANE TLSA records for your current certificate
chain, and are considering switching to Let's Encrypt issued certificates,
please do not forget:

    https://dane.sys4.de/common_mistakes#3

    https://tools.ietf.org/html/rfc7671#section-8.1

I've seen more than one of the early adopters of LE certificates
neglect to update their TLSA records (a few TTLs) *before* deploying
the new LE certificate chain.

-- 
	Viktor.
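
A pre-deployment check for the rollover order described above, as an added example that is not part of the original post. The chain bytes are constructed placeholders (a real check would pass DER extracted from the certificates), and reading "a few TTLs" as `min_ttls=2` is an assumption.

```python
import hashlib

# TLSA matching types (RFC 6698): 0 = full data, 1 = SHA-256, 2 = SHA-512.
_DIGEST = {0: lambda b: b,
           1: lambda b: hashlib.sha256(b).digest(),
           2: lambda b: hashlib.sha512(b).digest()}

def parse_tlsa(rdata):
    """Parse presentation-format TLSA RDATA: 'usage selector mtype hex...'."""
    usage, selector, mtype, *hexparts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hexparts))

def matches(record, chain):
    """chain is a list of (cert_der, spki_der) tuples, leaf first.
    Selector 0 picks the full certificate, selector 1 the SPKI.
    Usages 1/3 bind the leaf; usages 0/2 bind an issuer CA in the chain.
    Only the digest match is tested, not PKIX validation for usages 0/1."""
    usage, selector, mtype, data = record
    candidates = chain[:1] if usage in (1, 3) else chain[1:]
    return any(_DIGEST[mtype](entry[selector]) == data for entry in candidates)

def safe_to_deploy(rrset, new_chain, ttl, now, min_ttls=2):
    """rrset is a list of (rdata, published_at_epoch) pairs.
    Deploying is safe only if some record matching the NEW chain has been
    published for at least min_ttls * ttl seconds (min_ttls is an assumption),
    so resolvers no longer hold a cached RRset that lacks it."""
    return any(matches(parse_tlsa(rdata), new_chain) and now - since >= min_ttls * ttl
               for rdata, since in rrset)

def make_rdata(usage, selector, mtype, entry):
    """Helper for the constructed sample data below."""
    return f"{usage} {selector} {mtype} {_DIGEST[mtype](entry[selector]).hex()}"

# Constructed sample chains: placeholder bytes, not real certificates.
OLD_CHAIN = [(b"old-leaf-cert", b"old-leaf-spki"), (b"old-ca-cert", b"old-ca-spki")]
NEW_CHAIN = [(b"new-leaf-cert", b"new-leaf-spki"), (b"new-ca-cert", b"new-ca-spki")]
TTL = 3600

# RRset that only pins the old chain: the state the post warns about.
STALE = [(make_rdata(3, 1, 1, OLD_CHAIN[0]), 0), (make_rdata(2, 1, 1, OLD_CHAIN[1]), 0)]
# RRset with the new leaf key added at t=90000, old records kept for the transition.
ROLLED = STALE + [(make_rdata(3, 1, 1, NEW_CHAIN[0]), 90000)]

if __name__ == "__main__":
    print("stale RRset, deploy now:", safe_to_deploy(STALE, NEW_CHAIN, TTL, 100000))
    print("rolled RRset, 1 TTL in: ", safe_to_deploy(ROLLED, NEW_CHAIN, TTL, 93600))
    print("rolled RRset, 2+ TTLs:  ", safe_to_deploy(ROLLED, NEW_CHAIN, TTL, 100000))
```
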


More information about the dane-users mailing list