Is the process to update the serial number automatic? If so, care to share?


On 2017-02-20 4:04 AM, Casper Gielen wrote:
On 19-02-17 at 19:20, John Allen wrote:
Attached is a bash script that I am developing to automate the
generation of TLSA records from Letsencrypt certificates.

The script is called from the certbot renew hook; it can also be run
stand-alone - Certbot_TLSAgen path-to-certificate "space separated list
of domains included in cert"

It seems to work, but would some kind soul take a look and see where I have,
or am about to, screw up.


Any suggestions as to how to get the output into my DNS (Bind9),
preferably without using nsupdate? I am not keen on nsupdate as it makes
a mess of the zone files, which I use as documentation for my DNS.

It may not be the cleanest method, but I use the INCLUDE statement in my
zones to include snippets of externally maintained information.

The script I use outputs the required records and I just put it in the
right file and trigger a procedure to update the serial number and
reload Bind.
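
One way to automate the include-file, serial bump and reload steps described above, as an added example that is not code from either poster. It assumes the SOA serial sits on its own line tagged `; serial` in YYYYMMDDNN form; the zone name and paths in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the zone file already contains a
# line such as:  $INCLUDE "/etc/bind/tlsa.example.org.inc"   (constructed path)
# and that the SOA serial is on its own line, tagged "; serial", as YYYYMMDDNN.

# next_serial CURRENT TODAY -> next serial, always greater than CURRENT
next_serial() {
    case $1 in *[!0-9]*|'') return 1 ;; esac
    [ "${#1}" -eq 10 ] || return 1
    if [ "${1%??}" -lt "$2" ]; then
        echo "${2}00"            # first change today
    else
        echo $(( $1 + 1 ))       # another change today (or counter ran past 99)
    fi
}

# bump_zone_serial ZONEFILE TODAY -> rewrites the tagged serial, prints the new one
bump_zone_serial() {
    cur=$(sed -n 's/^[[:space:]]*\([0-9]\{10\}\)[[:space:]]*;[[:space:]]*[Ss]erial.*/\1/p' "$1" | head -n 1)
    new=$(next_serial "$cur" "$2") || { echo "no usable serial in $1" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sed "s/^\([[:space:]]*\)$cur\([[:space:]]*;[[:space:]]*[Ss]erial\)/\1$new\2/" "$1" > "$tmp" &&
        cat "$tmp" > "$1"        # overwrite in place: keeps owner and mode for named
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] && echo "$new"
}

# publish_tlsa ZONE ZONEFILE INCLUDEFILE   (new records are read from stdin)
# Reloads only if the zone, with the new include file, still passes validation.
publish_tlsa() {
    cp -p "$3" "$3.prev" 2>/dev/null || true   # keep the last known-good records
    cat > "$3" &&
    bump_zone_serial "$2" "$(date +%Y%m%d)" >/dev/null &&
    named-checkzone "$1" "$2" >/dev/null &&
    rndc reload "$1"
}

# Hypothetical call from a renew hook (generator name is a placeholder):
#   tlsa_generator | publish_tlsa example.org /etc/bind/db.example.org \
#                                 /etc/bind/tlsa.example.org.inc
```

If `named-checkzone` rejects the result, the running server keeps the zone it already loaded; restore the `.prev` file before the next reload.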

