desec-io / desec-stack

Backbone of the deSEC Free Secure DNS Hosting Service
https://desec.io/
MIT License

Certbot: Automatically Update TLSA Records #156

Open nils-wisiol opened 5 years ago

nils-wisiol commented 5 years ago

Introduce a client that is able to automatically update TLSA records on certificate renewal.

renne commented 4 years ago

I suggest using CNAMEs pointing to TLSA-RRs for wildcard-domains and multiple protocols/ports to reduce the size of zones, e.g.

*._tcp  3600  IN  TLSA   1 1 1 (...)
*._udp  3600  IN  CNAME  *._tcp
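
A sketch of the core of such a client, added here as an example and not code from deSEC or from either commenter: it derives the `1 1 1` TLSA data from a certificate's SubjectPublicKeyInfo and emits the wildcard/CNAME pair from the comment above only when the published record differs. All function names and the certificate-shaped sample are constructed for illustration.

```python
import hashlib

def read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return subjectPublicKeyInfo (header included) from a DER certificate."""
    _, pos, _ = read_tlv(cert_der, 0)             # Certificate
    _, pos, tbs_end = read_tlv(cert_der, pos)     # tbsCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                               # optional [0] version (absent in v1)
        pos = end
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert_der[pos:end]

def tlsa_rdata(cert_der):
    """TLSA '1 1 1': PKIX-EE usage, SPKI selector, SHA-256 matching type."""
    return "1 1 1 " + hashlib.sha256(extract_spki(cert_der)).hexdigest()

def zone_lines(cert_der, published=None, ttl=3600):
    """Return the two records from the comment, or [] if `published` already matches."""
    rdata = tlsa_rdata(cert_der)
    if published is not None and published.lower().split() == rdata.split():
        return []
    return [f"*._tcp  {ttl}  IN  TLSA   {rdata}", f"*._udp  {ttl}  IN  CNAME  *._tcp"]

# Constructed sample input: a certificate-shaped DER skeleton, not a real certificate.
def der(tag, content):
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + content

def sample_cert(key_bytes=b"\x11" * 200):
    spki = der(0x30, der(0x30, b"") + der(0x03, b"\x00" + key_bytes))
    empty = der(0x30, b"")
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + empty * 4 + spki)
    return der(0x30, tbs + empty + der(0x03, b"\x00")), spki
```

Because selector 1 hashes only the public key, the record changes on renewal only when the key pair is replaced, which is the case the `published` comparison detects.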