How do you intend to deal with the DNS caching issues? I.e., that you need to renew the SSL cert and then publish it in the DNS for at least one TTL before actually putting the cert into production.
Mike
* on the Sun, Feb 19, 2017 at 01:20:52PM -0500, John Allen wrote:
Attached is a bash script that I am developing to automate the generation of TLSA records from Letsencrypt certificates.
The script is called from the certbot renew hook; it can also be run stand-alone: Certbot_TLSAgen path-to-certificate "space-separated list of domains included in cert"
It seems to work, but would some kind soul take a look and see where I have, or am about to, screw up.
Any suggestions as to how to get the output into my DNS (Bind9), preferably without using nsupdate? I am not keen on nsupdate as it makes a mess of the zone files, which I use as documentation for my DNS.
Has anybody heard of an electronic "one-time pad" system?
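As an added example (not John's attached script and not part of either message), the two technical points of the thread in working code: deriving the "3 1 1" TLSA record that John's script generates (SHA-256 over the DER SubjectPublicKeyInfo, located with a minimal ASN.1 walker rather than openssl), and the rollover check behind Mike's question, which only considers the certificate deployable once the new record has been published for a full TTL. The certificate, the `der` helper and the function names are constructed for this example; the SPKI holds an all-zero point, not a real key.

```python
# Added example (not the thread's script): compute a DANE TLSA 3 1 1 record
# with a minimal DER walker and plan the rollover Mike asks about.
import hashlib

def der_children(buf):
    """Split a DER byte string into (tag, contents, raw_tlv) triples."""
    pos, out = 0, []
    while pos < len(buf):
        start, tag, ln = pos, buf[pos], buf[pos + 1]
        pos += 2
        if ln & 0x80:                                   # long-form length
            n = ln & 0x7F
            ln = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        out.append((tag, buf[pos:pos + ln], buf[start:pos + ln]))
        pos += ln
    return out

def spki_from_cert(cert_der):
    """Return the full SubjectPublicKeyInfo TLV (header included) of a cert."""
    cert = der_children(cert_der)[0][1]                 # Certificate SEQUENCE body
    fields = der_children(der_children(cert)[0][1])     # TBSCertificate fields
    if fields[0][0] == 0xA0:                            # optional [0] EXPLICIT version
        fields = fields[1:]
    # serial, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][2]

def tlsa_311(cert_der):
    """Usage 3 (DANE-EE), selector 1 (SPKI), matching type 1 (SHA-256)."""
    return "3 1 1 " + hashlib.sha256(spki_from_cert(cert_der)).hexdigest()

def rollover_plan(published, new_record, ttl):
    """Publish the new RR next to the old one; the cert may only go live once
    the new RR has been visible for one TTL. Retire the old RR only afterwards."""
    if new_record in published:
        return {"publish": published, "deploy_after_s": 0}
    return {"publish": published + [new_record], "deploy_after_s": ttl}

def der(tag, body):
    """Constructed-sample helper (short-form lengths only)."""
    return bytes([tag, len(body)]) + body

# Constructed sample: unsigned stub certificate with a P-256 SPKI (zero point).
SAMPLE_SPKI = der(0x30, der(0x30, der(0x06, bytes.fromhex("2A8648CE3D0201"))
                   + der(0x06, bytes.fromhex("2A8648CE3D030107")))
                   + der(0x03, b"\x00\x04" + bytes(64)))
SAMPLE_CERT = der(0x30, der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
                   + der(0x30, b"") * 4 + SAMPLE_SPKI) + der(0x30, b"") + der(0x03, b"\x00"))
```

For a real Let's Encrypt certificate, `tlsa_311(open("cert.pem").read()...)` needs the PEM body base64-decoded first; the record then belongs at an owner name such as `_25._tcp.mail.example` (constructed name) with the old record left in place until after the switch.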