[Yeti DNS Discuss] A public Yeti DNS resolver (but with TLS)

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Jan 5 09:47:30 UTC 2017


On Thu, Jan 05, 2017 at 09:32:04AM +1100,
 Geoff Huston <gih at apnic.net> wrote 
 a message of 30 lines which said:

> You should be aware that certbot renew will generate a new private
> key when it renews your certificate.
> 
> If you are using DANE this has some implications about the TLSA
> record and you will need some local scripting to essentially perform
> a key roll.

Or if you are using key pinning (which is the only authentication
currently documented in an RFC for DNS-over-TLS) :-(

The more I use Let's Encrypt, the more I regret CAcert. I don't find
an option in certbot to keep my keys.
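
Added example, not part of the original message or of certbot: a check that a renewal hook could run to tell whether a renewed certificate still matches the published SPKI pin (the base64 SHA-256 of the SubjectPublicKeyInfo used for DNS-over-TLS pinning, whose hex form is the data of a `3 1 1` TLSA record). All function names are hypothetical, and the certificates are constructed DER skeletons with empty fields, not real certificates.

```python
import base64
import hashlib

def _read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element at off."""
    tag, length = buf[off], buf[off + 1]
    off += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, off, off + length

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo of an X.509 certificate."""
    _, off, _ = _read_tlv(cert_der, 0)      # Certificate SEQUENCE
    _, off, _ = _read_tlv(cert_der, off)    # tbsCertificate SEQUENCE
    tag, _, end = _read_tlv(cert_der, off)
    if tag == 0xA0:                         # optional [0] version
        off = end
    for _field in range(5):  # serial, signature, issuer, validity, subject
        _, _, off = _read_tlv(cert_der, off)
    _, _, end = _read_tlv(cert_der, off)
    return cert_der[off:end]

def pins(cert_der):
    """Return (base64 SPKI pin, hex data for a TLSA 3 1 1 record)."""
    digest = hashlib.sha256(extract_spki(cert_der)).digest()
    return base64.b64encode(digest).decode(), digest.hex()

def needs_key_roll(published_pin, new_cert_der):
    """True when the renewed certificate no longer matches the pin."""
    return pins(new_cert_der)[0] != published_pin

# --- constructed sample input (assumption, for illustration only) ---
def _tlv(tag, value):
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def fake_cert(serial, key_bytes):
    spki = _tlv(0x30, _tlv(0x30, b"") + _tlv(0x03, b"\x00" + key_bytes))
    empty = _tlv(0x30, b"")
    version = _tlv(0xA0, _tlv(0x02, b"\x02"))
    tbs = _tlv(0x30, version + _tlv(0x02, bytes([serial])) + empty * 4 + spki)
    return _tlv(0x30, tbs + empty + _tlv(0x03, b"\x00"))

OLD = fake_cert(1, b"\x01" * 200)        # certificate currently pinned
SAME_KEY = fake_cert(2, b"\x01" * 200)   # reissued, key kept
NEW_KEY = fake_cert(3, b"\x02" * 200)    # reissued with a fresh key
```

For a real PEM file, `ssl.PEM_cert_to_DER_cert()` from the standard library gives the DER bytes that `pins()` expects.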

