Best practice TLSA RRs for CA-issued certs

Michael Grimm trashcan at
Thu Dec 29 22:47:01 CET 2016

On 29 Dec 2016, at 22:29, Viktor Dukhovni <ietf-dane at> wrote:
>> On Dec 29, 2016, at 4:24 PM, Michael Grimm <trashcan at> wrote:

>>> The folks at have automated LE certificate
>>> management and key rotation.
>> Ok, it *can* be done (by professionals :-) ).
> Perhaps "dedicated volunteers" is a more apt description.  You might
> find that using their software is simpler than "do it yourself" (DIY).
> If all you want is a low-effort working mailserver for a personal
> domain, check out the option.

No, no, this is my hobby, and I will not let go :-) I am confident that I will get LE certificates running. 

I only had had the fear that mailing might break while being abroad, because manual intervention might have been missed during such a period in time.

Thanks and regards,

More information about the dane-users mailing list