29 Dec
2016
29 Dec
'16
10:12 p.m.
On 29 Dec 2016, at 21:56, Patrick Domack patrickdk@patrickdk.com wrote:
Quoting Michael Grimm trashcan@ellael.org:
But until that time, I will avoid human intervention into a process where two autorotation tools go for "incompatible" tasks :-) Or is there one single tool dealing with DNSSEC, TLSA rotation, and LE upgrades on the market?
You just add it as part of your certificate update script.
Just like you would have it bind a call to update like apache for certificate pinning, you have it call nsupdate to add the new tlsa record into your dns server.
Well, that sound much better than assumed. But I will test it in a test jail, first.
Thank you, again, and with kind regards, Michael