desec-stack
Certbot: Automatically Update TLSA Records
Introduce a client that is able to automatically update TLSA records on certificate renewal.
I suggest using CNAMEs pointing to TLSA RRs for wildcard domains and multiple protocols/ports to reduce the size of zones, e.g.
*._tcp 3600 IN TLSA 1 1 1 (...)
*._udp 3600 IN CNAME *._tcp
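An added sketch of the computation such a client would run at renewal (not code from desec-stack or Certbot): it derives the `1 1 1` rdata, the SHA-256 of the certificate's SubjectPublicKeyInfo, and renders the two records suggested above. The function names and the sample bytes are assumptions made for illustration; wiring it into a renewal hook and publishing the records are not shown.

```python
import hashlib

def read_tlv(buf, off):
    """Parse one DER element at off; return (tag, value_start, end)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def spki_from_cert(der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    tag, pos, _ = read_tlv(der, 0)      # Certificate ::= SEQUENCE
    tag2, pos, _ = read_tlv(der, pos)   # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not an X.509 certificate")
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                     # optional [0] version (absent in v1)
        pos = end
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        pos = read_tlv(der, pos)[2]
    tag, _, end = read_tlv(der, pos)    # subjectPublicKeyInfo
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[pos:end]

def tlsa_rdata(der):
    """TLSA rdata '1 1 1 <hex>': usage 1, selector 1 (SPKI), SHA-256."""
    return "1 1 1 " + hashlib.sha256(spki_from_cert(der)).hexdigest()

def zone_lines(der, ttl=3600):
    """The two records from the issue: wildcard TLSA plus CNAME onto it."""
    return [f"*._tcp {ttl} IN TLSA {tlsa_rdata(der)}",
            f"*._udp {ttl} IN CNAME *._tcp"]

def tlv(tag, body=b""):
    """Encode a short DER element; used only to build the sample below."""
    return bytes([tag, len(body)]) + body

# Constructed skeleton, not a real certificate: only the field layout matters.
SAMPLE_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a")) + tlv(0x03, b"\x00\x01"))
SAMPLE_CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
                  + tlv(0x30) * 4 + SAMPLE_SPKI) + tlv(0x30) + tlv(0x03, b"\x00"))
```

For a real PEM certificate, `ssl.PEM_cert_to_DER_cert()` from the standard library yields the DER bytes to pass in. Because selector 1 hashes only the public key, the record changes only when a renewal also rotates the key.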