19 Feb 2017, 7:20 p.m.
Attached is a bash script that I am developing to automate the generation of TLSA records from Let's Encrypt certificates.
The script is called from the certbot renew hook; it can also be run standalone:
Certbot_TLSAgen path-to-certificate "space separated list of domains included in cert"
It seems to work, but would some kind soul take a look and tell me where I have screwed up or am about to?
Any suggestions as to how to get the output into my DNS (Bind9), preferably without using nsupdate? I am not keen on nsupdate as it makes a mess of the zone files, which I use as documentation for my DNS.
Has anybody heard of an electronic "one time pad" system?
TIA
JohnA
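
For readers without the attachment, the kind of generation the post describes can be sketched as follows. This is an added example, not the attached script: the function name `tlsa_records`, the default port 443, the TTL of 3600 and the choice of "3 1 1" parameters are all assumptions, and it takes the same two arguments as the stand-alone invocation above.

```bash
#!/usr/bin/env bash
# Added example: not the script attached to the post.
# Prints one "3 1 1" TLSA record (DANE-EE, SubjectPublicKeyInfo, SHA-256)
# per domain. Function name, default port and TTL are assumptions.

tlsa_records() (
    cert=$1 domains=$2 port=${3:-443} ttl=${4:-3600}
    set -f    # no globbing when the domain list is word-split below
    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 1; }

    # openssl x509 reads only the first certificate in the file, which is
    # the leaf when given certbot's cert.pem or fullchain.pem.
    pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    [ -n "$pub" ] || return 1

    # Hash the DER form of the public key, not the PEM text.
    digest=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
             openssl dgst -sha256 -r | cut -d' ' -f1)
    case $digest in
        *[!0-9a-f]*) echo "unexpected digest for $cert" >&2; return 1 ;;
    esac
    [ "${#digest}" -eq 64 ] || { echo "unexpected digest for $cert" >&2; return 1; }

    for d in $domains; do
        case $d in
            \*.*) echo "skipping wildcard name $d" >&2; continue ;;
        esac
        # ${d%.} drops a trailing dot so the owner name gets exactly one.
        printf '_%s._tcp.%s. %s IN TLSA 3 1 1 %s\n' "$port" "${d%.}" "$ttl" "$digest"
    done
)

# Stand-alone use: script.sh /path/to/cert.pem "example.test www.example.test"
if [ "$#" -ge 2 ]; then
    tlsa_records "$@"
fi
```

Because the digest covers only the public key, the record changes on renewal only when the renewal generates a new key.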