8 Feb
2016
8 Feb
'16
3:39 a.m.
It will soon (when 3.1 is released this month) be much easier to manage your certificates and TLSA records with Postfix:
http://www.postfix.org/TLS_README.html#built-in
http://www.postfix.org/postfix-tls.1.html
This only supports DANE-EE(3) "3 1 1" TLSA records at present, but should simplify interaction with Let's Encrypt by generating the CSR for you, and separates creation of keys/certs from deployment, giving you the opportunity to update the TLSA records first, let the old records expire from secondary nameservers and caches and then deploy...
--
Viktor.