[atlas] SSL Certificates for ripe anchors
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Carsten Schiefner
carsten at schiefner.de
Tue Sep 3 14:34:10 CEST 2019
Hi Bjørn, > Am 03.09.2019 um 13:35 schrieb Bjørn Mork <bjorn at mork.no>: >> The tricky bit, however, comes if you want to use this very certificate >> in a TLSA RR as well: all of a sudden the RR points to a non-existing >> certificate when Letsencrypt's cron job has flipped the certificate. >> >> [...] > > You can renew Let's Encrypt certificates without changing the key. And > if you use the recommended 3 1 1 TLSA records, then you don't have to > change it unless the key is changed. ah! :-) Would you have a specific pointer in mind you’d recommend and so like to share? Thanks & best, -C.
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]