Hi all, Le 9/3/2019 à 12:24 PM, Carsten Schiefner a écrit :
Sylvain, all -
On 03.09.2019 13:12, Sylvain BAYA wrote:
[...] indeed there is: one way to use Letsencrypt certificates is to have them automagically renewd every 90 days or so.
This works like a charm on my host.
The tricky bit, however, comes if you want to use this very certificate in a TLSA RR as well: all of a sudden the RR points to a non-existing certificate when Letsencrypt's cron job has flipped the certificate.
Dear Carsten, Thanks for pointing this clear issue here :-) ...do you think it is a configuration issue or a technical (conceptual) one ? I suppose that you have already pointed it to the LE team :-/
I haven't yet really gotten my head around it - but maybe the NCC could and would?! 8-)
...you might have a great support now, if RIPE NCC accepts (if need be) to jump in ;-) Shalom, --sb.
Chers,
-C.
-- Regards, Sylvain B. <http://www.chretiennement.org> __ Website : <https://www.cmnog.cm> Wiki : <https://www.cmnog.cm/dokuwiki> Surveys : <https://survey.cmnog.cm> Subscribe to Mailing List : <https://lists.cmnog.cm/mailman/listinfo/cmnog/> Mailing List's Archives : <https://lists.cmnog.cm/pipermail/cmnog/>