
Certbot: Automatically Update TLSA Records

Open nils-wisiol opened this issue 5 years ago • 1 comments

Introduce a client that is able to automatically update TLSA records on certificate renewal.

nils-wisiol avatar Apr 12 '19 08:04 nils-wisiol

I suggest using CNAMEs pointing to TLSA-RRs for wildcard-domains and multiple protocols/ports to reduce the size of zones, e.g.

*._tcp  3600  IN  TLSA   1 1 1 (...)
*._udp  3600  IN  CNAME  *._tcp

renne avatar Apr 24 '20 22:04 renne