Hi all, Le 9/3/2019 à 12:24 PM, Carsten Schiefner a écrit : > Sylvain, all - > > On 03.09.2019 13:12, Sylvain BAYA wrote: >> [...] > indeed there is: one way to use Letsencrypt certificates is to have them > automagically renewd every 90 days or so. > > This works like a charm on my host. > > The tricky bit, however, comes if you want to use this very certificate > in a TLSA RR as well: all of a sudden the RR points to a non-existing > certificate when Letsencrypt's cron job has flipped the certificate.
Dear Carsten, Thanks for pointing this clear issue here :-) ...do you think it is a configuration issue or a technical (conceptual) one ? I suppose that you have already pointed it to the LE team :-/ > I haven't yet really gotten my head around it - but maybe the NCC could > and would?! 8-) ...you might have a great support now, if RIPE NCC accepts (if need be) to jump in ;-) Shalom, --sb. > Chers, > > -C. -- Regards, Sylvain B. <http://www.chretiennement.org> __ Website : <https://www.cmnog.cm> Wiki : <https://www.cmnog.cm/dokuwiki> Surveys : <https://survey.cmnog.cm> Subscribe to Mailing List : <https://lists.cmnog.cm/mailman/listinfo/cmnog/> Mailing List's Archives : <https://lists.cmnog.cm/pipermail/cmnog/>
0x0387408365AC8594.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature