It appears that Viktor Dukhovni via mailop <[email protected]> said: >When you combine DANE with Let's Encrypt the sensible thing to do is to >configure your ACME client to NOT automatically rotate the key on every >renewal. This isn't actually difficult, bad sadly not as widely known >as one might hope.
Agreed. I use the acme.sh client to re-sign the same request, so the key doesn't change and I don't have to change the TLSA records. It is indeed pretty easy. R's, John _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
