New tools in Postfix 3.1-20160207

Viktor Dukhovni ietf-dane at
Mon Feb 8 03:39:52 CET 2016

It will soon (when 3.1 is released this month) be much easier
to manage your certificates and TLSA records with Postfix:

This only supports DANE-EE(3) "3 1 1" TLSA records at present,
but should simplify interaction with Let's Encrypt by generating
the CSR for you, and separates creation of keys/certs from
deployment, giving you the opportunity to update the TLSA records
first, let the old records expire from secondary nameservers and
caches and then deploy...


More information about the dane-users mailing list