This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] SSL Certificates for ripe anchors

Previous message (by thread): [atlas] SSL Certificates for ripe anchors
Next message (by thread): [atlas] SSL Certificates for ripe anchors

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Carsten Schiefner carsten at schiefner.de
Tue Sep 3 15:10:03 CEST 2019

[https://community.letsencrypt.org/t/please-avoid-3-0-1-and-3-0-2-dane-tlsa-records-with-le-certificates/7022]

Thanks, Sylvain and Bjørn!

-- 
Von meinem Android-Gerät gesendet.

-----Original Message-----
From: Carsten Schiefner <carsten at schiefner.de>
To: "Bjørn Mork" <bjorn at mork.no>
Cc: ripe-atlas at ripe.net
Sent: Di., 03 Sep. 2019 14:34
Subject: Re: [atlas] SSL Certificates for ripe anchors

Hi Bjørn,

> Am 03.09.2019 um 13:35 schrieb Bjørn Mork <bjorn at mork.no>:
>> The tricky bit, however, comes if you want to use this very certificate
>> in a TLSA RR as well: all of a sudden the RR points to a non-existing
>> certificate when Letsencrypt's cron job has flipped the certificate.
>> 
>> [...]
> 
> You can renew Let's Encrypt certificates without changing the key.  And
> if you use the recommended 3 1 1 TLSA records, then you don't have to
> change it unless the key is changed.

ah! :-)

Would you have a specific pointer in mind you’d recommend and so like to share?

Thanks & best,

-C.

Previous message (by thread): [atlas] SSL Certificates for ripe anchors
Next message (by thread): [atlas] SSL Certificates for ripe anchors

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]