On Sat, Nov 18, 2023 at 04:33:46PM +0900, Byung-Hee HWANG via Postfix-users
wrote:
> > or if you prefer:
> >
> > _25._tcp.mx1.org.example. IN CNAME _25._tlsa.org.example.
> > _25._tcp.mx2.org.example. IN CNAME _25._tlsa.org.example.
> > ...
> > _25._tcp.mxN.org.example. IN CNAME _25._tlsa.org.example.
> > ;
> > _25._tlsa.org.example. IN TLSA 2 1 1
> > 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d ; R3
> > _25._tlsa.org.example. IN TLSA 2 1 1
> > e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03 ; R4
> > _25._tlsa.org.example. IN TLSA 2 1 1
> > 276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10 ; E1
> > _25._tlsa.org.example. IN TLSA 2 1 1
> > bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270 ; E2
>
> Thank you for the clear summary. I did update all again.
>
Good job, you're set until some future change a few years down the line.
_25._tcp.yw-0919.doraji.xyz. IN CNAME rfc7671.doraji.xyz.
_25._tcp.yw-1204.doraji.xyz. IN CNAME rfc7671.doraji.xyz.
rfc7671.doraji.xyz. IN TLSA 2 1 1
8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d
rfc7671.doraji.xyz. IN TLSA 2 1 1
e5545e211347241891c554a03934cde9b749664a59d26d615fe58f77990f2d03
rfc7671.doraji.xyz. IN TLSA 2 1 1
276fe8a8c4ec7611565bf9fce6dcace9be320c1b5bea27596b2204071ed04f10
rfc7671.doraji.xyz. IN TLSA 2 1 1
bd936e72b212ef6f773102c6b77d38f94297322efc25396bc3279422e0c89270
It may be prudent to mark your calendar to check the Let's Encrypt
certificate page once or twice a year, and make appropriate changes if
new intermediate issuer CAs are introduced, or extant ones retired.
https://letsencrypt.org/certificates/
--
Viktor.
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
