Any "2 1 1" records need to be augmented soon with additional records matching "R3" and "E3", in advance of these issuing certificates for servers with DANE-TA(2) TLSA records.

Failure to act is likely to result in an outage once renewals switch to signing via "R3" or "E3".
You can follow @VDukhovni.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled: