It appears that Carl Byington via mailop <c...@five-ten-sg.com> said: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA512 > >On Fri, 2022-09-02 at 18:42 +0000, ml+mailop--- via mailop wrote: >> Are you sure you want 3 0 1 and not 3 1 1? > >Yes. We are publishing the hash of the full certificate. Note there are >two tlsa records, one corresponding to the previous LE certificate, and >one corresponding to the current LE certificate. That handles the TTL >issues associated with updating the certificate.
That should be OK, but everyone I know does a 3 1 1 cert with just the key since that doesn't change when LE resigns it. R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
