Re: Letsencrypt & TLSA - automation
Is the process to update the serial number automatic? If so care to share.
On 2017-02-20 4:04 AM, Casper Gielen wrote:
On 19-02-17 at 19:20, John Allen wrote:
Attached is a bash script that I am developing to automate the generation of TLSA records from Letsencrypt certificates.
The script is called from the certbot renew hook; it can also be run stand-alone: Certbot_TLSAgen path-to-certificate "space separated list of domains included in cert"
It seems to work, but would some kind soul take a look and see where I have screwed up, or am about to.
Any suggestions as to how to get the output into my DNS (Bind9), preferably without using nsupdate? I am not keen on nsupdate as it makes a mess of the zone files, which I use as documentation for my DNS.
It may not be the cleanest method, but I use the INCLUDE statement in my zones to include snippets of externally maintained information.
The script I use outputs the required records and I just put it in the right file and trigger a procedure to update the serial number and reload Bind.
On 20-02-17 at 11:55, John Allen wrote:
Is the process to update the serial number automatic? If so care to share.
Just a tiny and unreliable script that works in my controlled environment, where zone files use a serial based on the date. I wouldn't recommend using it as is, but I've attached it for inspiration.
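The two pieces this thread touches on, a TLSA record derived from the certificate and a date-based SOA serial bump for the $INCLUDE workflow, as an added Python example written for this thread; it is neither John's bash script nor Casper's attached script. Everything not in the thread is assumed: the TLSA parameters 3 1 1 (DANE-EE, SPKI, SHA-256), port 443/tcp, the include path and the sample zone layout. The certificate is a structurally valid but unsigned one built inline so the example runs offline; in practice the DER bytes come from the renewed lineage (certbot sets RENEWED_LINEAGE and RENEWED_DOMAINS for its hooks).

```python
# Added example, not the script from the thread. Derives DANE TLSA records from a
# DER certificate's SubjectPublicKeyInfo and bumps a YYYYMMDDnn SOA serial in a
# zone file. Assumed (not stated in the thread): TLSA parameters 3 1 1, port
# 443/tcp, the include-file path and the zone layout in ZONE below.
import datetime
import hashlib
import re


def der(tag, body):
    """Encode one DER TLV; lengths up to 65535 are enough here."""
    n = len(body)
    if n < 0x80:
        hdr = bytes([tag, n])
    elif n < 0x100:
        hdr = bytes([tag, 0x81, n])
    else:
        hdr = bytes([tag, 0x82]) + n.to_bytes(2, "big")
    return hdr + body


def der_tlv(buf, pos):
    """Decode the TLV header at pos; return (tag, body_start, body_end)."""
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                      # long form: low bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr += n
    return tag, pos + hdr, pos + hdr + length


def spki_from_cert(cert):
    """Return the DER SubjectPublicKeyInfo of a DER X.509 certificate.
    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }"""
    tag, pos, _ = der_tlv(cert, 0)
    assert tag == 0x30, "certificate is not a DER SEQUENCE"
    tag, pos, _ = der_tlv(cert, pos)       # descend into tbsCertificate
    assert tag == 0x30, "tbsCertificate is not a SEQUENCE"
    if cert[pos] == 0xA0:                  # explicit [0] version is absent in v1 certs
        _, _, pos = der_tlv(cert, pos)
    for _ in range(5):                     # skip serial, sigalg, issuer, validity, subject
        _, _, pos = der_tlv(cert, pos)
    tag, _, end = der_tlv(cert, pos)
    assert tag == 0x30, "expected SubjectPublicKeyInfo SEQUENCE"
    return cert[pos:end]


def spki_digest(cert):
    """Hex SHA-256 of the SPKI: the rdata for selector 1, matching type 1."""
    return hashlib.sha256(spki_from_cert(cert)).hexdigest()


def tlsa_records(domains, cert, port=443, proto="tcp"):
    """One 3 1 1 record per name. The value depends only on the public key, so a
    renewal that keeps the key leaves it unchanged; a new key needs a new record."""
    digest = spki_digest(cert)
    return [f"_{port}._{proto}.{d.rstrip('.')}. IN TLSA 3 1 1 {digest}" for d in domains]


def next_serial(current, today=None):
    """Next YYYYMMDDnn serial; today is an int like 20170220 (default: real date).
    A serial from an earlier day becomes today01; otherwise old+1, which also covers
    several updates on one day and a serial that is already ahead of the clock."""
    today = today or int(datetime.date.today().strftime("%Y%m%d"))
    base = today * 100
    return base + 1 if current < base else current + 1


# mname, rname, optional '(' and then the serial; a comment before the serial breaks this
SOA_SERIAL = re.compile(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)")


def bump_zone_serial(zone_text, today=None):
    """Rewrite the SOA serial in zone file text; returns (new_text, new_serial)."""
    m = SOA_SERIAL.search(zone_text)
    if m is None:
        raise ValueError("no SOA serial found")
    new = next_serial(int(m.group(1)), today)
    return zone_text[:m.start(1)] + str(new) + zone_text[m.end(1):], new


def constructed_cert():
    """Structurally valid, unsigned v3 certificate built inline for the demo
    (constructed data: dummy RSA key bits, empty names, no real signature)."""
    oid = lambda hexs: der(0x06, bytes.fromhex(hexs))
    sigalg = der(0x30, oid("2a864886f70d01010b") + der(0x05, b""))  # sha256WithRSAEncryption
    empty_name = der(0x30, b"")
    validity = der(0x30, der(0x17, b"170220000000Z") + der(0x17, b"170521000000Z"))
    spki = der(0x30, der(0x30, oid("2a864886f70d010101") + der(0x05, b""))  # rsaEncryption
                     + der(0x03, b"\x00" + b"\x01" * 16))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + sigalg
              + empty_name + validity + empty_name + spki)
    return der(0x30, tbs + sigalg + der(0x03, b"\x00" * 9))


ZONE = """$TTL 3600
@ IN SOA ns1.example.org. hostmaster.example.org. (
        2017021801 ; serial
        7200 3600 1209600 3600 )
$INCLUDE "/etc/bind/tlsa/example.org.inc"
"""

if __name__ == "__main__":
    for rr in tlsa_records(["example.org", "www.example.org"], constructed_cert()):
        print(rr)                          # lines for the $INCLUDE snippet
    text, serial = bump_zone_serial(ZONE, 20170220)
    print(text, serial)                    # then: rndc reload example.org
```

Because selector 1 hashes only the public key, the record changes whenever the renewal produces a new key pair; the safe order is to publish the new TLSA record (alongside the old one) before the new certificate goes live, and drop the old record once the old TTL has expired.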
participants (2)
- Casper Gielen
- John Allen