On Dec 29, 2016, at 4:24 PM, Michael Grimm trashcan@ellael.org wrote:
The folks at https://mailinabox.email/ have automated LE certificate management and key rotation. In my survey I see repeated successful TLSA record and certificate rollovers for domains running that stack. I continue to be impressed by their attention to detail.
The mailinabox MX hosts represent 526 out of of ~2300 MX hosts with working TLSA records, so their stack is a noticeably large fraction of the deployed base (by server count, the hosting providers of course dominate by domain count).
Ok, it *can* be done (by professionals :-) ).
Perhaps "dedicated volunteers" is a more apt description. You might find that using their software is simpler than "do it yourself" (DIY). If all you want is a low-effort working mailserver for a personal domain, check out the mailinabox.email option.