On Mon, Jun 30, 2025 at 08:43:17AM +0200, Danjel Jungersen via Postfix-users
wrote:
>
> Do I get this right, if I say that it only applies to me, if I'm using the
> "advised against" method 2 x x?
> Or rather planning to use, I'm not up and running with inbound dane yet....
That specific post is indeed primarily about correct use "2 x x" records
with Let's Encrypt issued certifiates. The larger message is that TLSA
record changes that are needed for upcoming certifxates need to happen
first, and the actual certificate deployment needs to happen a few TTLs
later, once matching TLSA records have been in place for some time.
Once the new cert chain is in place, any TLSA records matching only
retired certificate chains should be removed from the TLSA RRset.
--
VIktor.
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
