20 Nov
2015
20 Nov
'15
1:58 a.m.
If you've published DANE TLSA records for your current certificate chain, and are considering switch to Let's Encrypt issued certificates, please do not forget:
https://dane.sys4.de/common_mistakes#3
https://tools.ietf.org/html/rfc7671#section-8.1
I've seen more than one of the early adopters of LE certificates neglect to update their TLSA records (a few TTLs) *before* deploying the new LE certificate chain.
--
Viktor.