Please take care when deploying Let's Encrypt certificates...

Viktor Dukhovni ietf-dane at
Fri Nov 20 01:58:53 CET 2015

If you've published DANE TLSA records for your current certificate
chain, and are considering switch to Let's Encrypt issued certificates,
please do not forget:

I've seen more than one of the early adopters of LE certificates
neglect to update their TLSA records (a few TTLs) *before* deploying
the new LE certificate chain.


More information about the dane-users mailing list