Letsencrypt renew-hook

Patrick Domack patrickdk at patrickdk.com
Wed Apr 26 18:33:15 CEST 2017


I'm not sure what you mean by Linux servers need SRV records. SRV is
not a Linux thing, and Linux doesn't need them.

It could be whatever application you are using needs SRV records though.

My use case is for HTTPS (really for my own personal use) and SMTP,
and my hook script to install and remove TLSA records works perfectly,
and no SRV records are used.


Quoting john <john at klam.ca>:

> I have been working on a renew-hook for letsencrypt/certbot.
>
> The idea was that it would generate new TLSA records when the  
> certificates were updated, automatically install them and  
> automatically remove the old ones after a suitable delay.
>
> While I was putting it together I made some assumptions about the  
> environment that TLSA records would be found in, in particular the  
> DNS configuration. It seems I am probably wrong.
>
> Is an automatic TLSA update system worth doing? Are the
> prerequisites that I think might make it work too onerous? E.g.
> Linux servers, need SRV records in order to determine the port and
> host for each TLSA record.
>
> John A
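
The rollover discussed in this thread (publish the new TLSA record on renewal, remove the old one after a delay), sketched as an added example that is not code from either poster. Assumptions: services are listed explicitly as (port, protocol, host) rather than discovered through SRV, the record type is `3 0 1`, the removal delay is twice the TTL, the hostnames are placeholders, and the output is nsupdate command lines.

```python
import hashlib

# Assumption: services are listed explicitly as (port, protocol, host),
# so no SRV lookup is needed to find the TLSA owner names.
SERVICES = [(443, "tcp", "www.example.com"), (25, "tcp", "mail.example.com")]

def tlsa_rdata(cert_der: bytes) -> str:
    """TLSA rdata '3 0 1': DANE-EE, full certificate, SHA-256 (RFC 6698)."""
    return "3 0 1 " + hashlib.sha256(cert_der).hexdigest()

def owner(port: int, proto: str, host: str) -> str:
    """TLSA owner name, e.g. _443._tcp.www.example.com."""
    return f"_{port}._{proto}.{host}."

def on_renew(services, new_cert_der, published, now, ttl=3600):
    """Plan the renewal step: add the new record next to the old ones and
    schedule each old record for removal after 2*ttl (assumed delay)."""
    new = tlsa_rdata(new_cert_der)
    adds, retire = [], []
    for port, proto, host in services:
        name = owner(port, proto, host)
        old = published.get(name, set())
        if new not in old:  # skip the add if the record is already published
            adds.append(f"update add {name} {ttl} IN TLSA {new}")
        for rdata in sorted(old - {new}):
            retire.append((now + 2 * ttl, name, rdata))
    return adds, retire

def due_removals(retire, now):
    """nsupdate delete lines for old records whose delay has elapsed."""
    return [f"update delete {name} IN TLSA {rdata}"
            for when, name, rdata in retire if when <= now]

# Constructed placeholder bytes standing in for DER certificates.
OLD_DER, NEW_DER = b"constructed-old-cert", b"constructed-new-cert"

if __name__ == "__main__":
    published = {owner(*s): {tlsa_rdata(OLD_DER)} for s in SERVICES}
    adds, retire = on_renew(SERVICES, NEW_DER, published, now=0)
    print("\n".join(adds))
    print("\n".join(due_removals(retire, now=2 * 3600)))
```

In a real hook the DER bytes would come from the renewed certificate file, and the `retire` list would be persisted so a later scheduled run can call `due_removals`.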





More information about the dane-users mailing list