by ymse 3848 days ago
I was not familiar with DANE:

https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Na...

Until the CA system is completely abolished, this appears to work great with LE -- free certificates and a guarantee that no other CA can impersonate you.

The ACME protocol could conceivably be extended to update SRV records along with the certificate for some DNS providers.