Support TLSA records (DANE) in freeipa-letsencrypt.py #2

New Issue

Open

opened 2026-01-01 16:57:14 +00:00 by jfl · 0 comments

jfl commented 2026-01-01 16:57:14 +00:00

Owner

Copy Link

this requirement consts of 2 steps:

1. automatically add a TSLA record to the DNS zone for the webUI
2. ensure Certbot renews only the certificate and not the private key (which is default behaviour)

See also:

• https://blog.apnic.net/2017/01/06/lets-encrypt-dane/ (especially postscriptum)
• https://www.huque.com/bin/gen_tlsa

this requirement consts of 2 steps: 1. automatically add a TSLA record to the DNS zone for the webUI 2. ensure Certbot renews only the certificate and not the private key (which is default behaviour) See also: - https://blog.apnic.net/2017/01/06/lets-encrypt-dane/ (especially postscriptum) - https://www.huque.com/bin/gen_tlsa

jfl added the enhancement label 2026-01-01 16:57:14 +00:00

jfl self-assigned this 2026-01-01 16:57:14 +00:00

This repo is archived. You cannot comment on issues.

No Branch/Tag Specified

Branches Tags

master

No results found.

Labels

Clear labels

bug

Something is not working

duplicate

This issue or pull request already exists

enhancement

New feature

help wanted

Need some help

invalid

Something is wrong

question

More information is needed

wontfix

This won't be fixed

No Label enhancement

Milestone

No items

No Milestone

Assignees

Clear assignees

jfl

No Assignees jfl

1 Participants

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: scripts/FreeIPA#2