[Yeti DNS Discuss] A public Yeti DNS resolver (but with TLS)
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Jan 5 09:47:30 UTC 2017
On Thu, Jan 05, 2017 at 09:32:04AM +1100,
Geoff Huston <gih at apnic.net> wrote
a message of 30 lines which said:
> You should be aware that certbot renew will generate a new private
> key when it renews your certificate.
>
> If you are using DANE this has some implications about the TLSA
> record and you will need some local scripting to essentially perform
> a key roll.
Or if you are using key pinning (which is the only authentication
currently documented in an RFC for DNS-over-TLS) :-(

The more I use Let's Encrypt, the more I regret CAcert. I don't find
an option in certbot to keep my keys.