There are multiple ways to set it up:
- Reuse the key, set up the TLSA record using the public key. Certbot really doesn't seem to support this in an automated way. It requires that you generate a CSR, but there doesn't seem to be a way to renew this automatically.
- Generate a new key for each certificate, which is what certbot does. You would first need to add both the old and the new certificate to DNS, wait for the TTL of the old to expire, change to the new certificate, remove the old from DNS. There doesn't seem to be a tool to do this.
- Set up the TLSA record to say you trust the CA.
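As an added illustration of the first two options (not part of the original comment, and not certbot code), the shell functions below use the openssl CLI to produce TLSA rdata from a certificate file: selector 1 hashes only the SubjectPublicKeyInfo, so a renewal that reuses the key leaves the record unchanged, while selector 0 hashes the whole certificate and forces the add-both, wait-a-TTL, switch, remove-old dance. The zone name `mail.example.test`, port 25 and the usage/selector values are assumptions for the demo.

```shell
# tlsa_rdata CERT.pem USAGE SELECTOR
# Prints TLSA rdata "USAGE SELECTOR 1 <sha256 hex>" (matching type 1 = SHA-256).
#   USAGE    3 = DANE-EE (pin the end-entity cert), 2 = DANE-TA (pin a CA cert)
#   SELECTOR 1 = hash the SubjectPublicKeyInfo only: survives a key-reusing renewal
#   SELECTOR 0 = hash the full DER certificate: changes on every renewal
tlsa_rdata() {
  cert=$1; usage=$2; selector=$3
  case $selector in
    1) hash=$(openssl x509 -in "$cert" -noout -pubkey \
               | openssl pkey -pubin -outform DER \
               | openssl dgst -sha256 | awk '{print $NF}') ;;
    0) hash=$(openssl x509 -in "$cert" -outform DER \
               | openssl dgst -sha256 | awk '{print $NF}') ;;
    *) echo "selector must be 0 (full cert) or 1 (SPKI)" >&2; return 1 ;;
  esac
  echo "$usage $selector 1 $hash"
}

# tlsa_record NAME PORT CERT USAGE SELECTOR -> one zone-file line
# e.g. tlsa_record mail.example.test 25 cert.pem 3 1
tlsa_record() {
  printf '_%s._tcp.%s. IN TLSA %s\n' "$2" "$1" "$(tlsa_rdata "$3" "$4" "$5")"
}

# tlsa_rollover_zone NAME PORT OLD.pem NEW.pem USAGE SELECTOR
# Prints the overlap state of the "new key per certificate" option: both the
# old and the new record published. Serve this for at least one TTL of the old
# record, switch the server to NEW.pem, then drop the OLD line.
tlsa_rollover_zone() {
  tlsa_record "$1" "$2" "$3" "$5" "$6"
  tlsa_record "$1" "$2" "$4" "$5" "$6"
}

# tlsa_matches CERT RDATA -> exit 0 if CERT satisfies the published RDATA
# (handy as a pre-deploy check before swapping the certificate on the server)
tlsa_matches() {
  cert=$1; rdata=$2
  usage=${rdata%% *}; rest=${rdata#* }; selector=${rest%% *}
  [ "$(tlsa_rdata "$cert" "$usage" "$selector")" = "$rdata" ]
}
```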