[Yeti DNS Discuss] A public Yeti DNS resolver (but with TLS)

Stephane Bortzmeyer bortzmeyer at nic.fr
Sun Jun 25 15:18:48 UTC 2017

On Thu, Jan 05, 2017 at 09:32:04AM +1100,
 Geoff Huston <gih at apnic.net> wrote 
 a message of 30 lines which said:

> You should be aware that certbot renew will generate a new private
> key when it renew your certificate.
> If you are using DANE [or pinned keys, S.B.] this has some
> implications about the TLSA record and you will need some local
> scripting to essentially perform a key roll.

I switched to 'certbot certonly' instead of 'certbot renew' and it
seems I can keep my key (but it requires more setup). We'll see how it

More information about the discuss mailing list