It appears that Fehlauer, Norbert via mailop <n.fehla...@systema-online.de> said: >-=-=-=-=-=- >-=-=-=-=-=- >Hi, > >> Are you aware that despite of how long is cert valid, once >> it will expire and you will need its rollower? > >Yes I'm aware of that and it's what I'm doing anyway when the used certificate >is near to its expiration date. >But when using only 3 1 1 dane records I can only publish the new certificate >as soon as it is signed. And going to delete the old record a few days later.
I use Let's Encrypt and resign the same requests so the TLSA doesn't change. Assuming you can give the CA the request you want it to sign, that should work for any CA. R's, John _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
