[atlas] SSL Certificates for ripe anchors
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bjørn Mork
bjorn at mork.no
Tue Sep 3 13:35:16 CEST 2019
Carsten Schiefner <carsten at schiefner.de> writes: > The tricky bit, however, comes if you want to use this very certificate > in a TLSA RR as well: all of a sudden the RR points to a non-existing > certificate when Letsencrypt's cron job has flipped the certificate. > > I haven't yet really gotten my head around it - but maybe the NCC could > and would?! 8-) You can renew Let's Encrypt certificates without changing the key. And if you use the recommended 3 1 1 TLSA records, then you don't have to change it unless the key is changed. Bjørn
- Previous message (by thread): [atlas] SSL Certificates for ripe anchors
- Next message (by thread): [atlas] SSL Certificates for ripe anchors
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]