[Yeti DNS Discuss] A public Yeti DNS resolver (but with TLS)

[Stephane Bortzmeyer]

On Wed, Dec 21, 2016 at 09:11:06PM +0100,
 Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote 
 a message of 118 lines which said:

> So, I installed an *experimental* public DNS-overs-TLS Yeti resolver
> on dns-resolver.bortzmeyer.org (IPv6 only, which makes sense for
> Yeti).
[...]
> The certificate was issued by CAcert <https://www.cacert.org/> I
> wonder if it's possible to get a Let's Encrypt certificate for a DNS
> server (you need to set up a callback server)?

Now running under its final name, dns-resolver.yeti.eu.org. And it has
a nice Let's Encrypt certificate. (I've set up a Nginx HTTP server at
<https://dns-resolver.yeti.eu.org/>, ran "sudo certbot certonly
--webroot -w /usr/share/nginx/html -d dns-resolver.yeti.eu.org" and
configured Unbound to use
/etc/letsencrypt/live/dns-resolver.yeti.eu.org/*.pem.)