Read on Twitter
#DANE #LetsEncrypt
Please note that the Let& #39;s Encrypt intermediate CA certificate "X3" will soon be phased out in favour of "R3" and "E3" which have new keys, and so any DANE TLSA "2 1 1" records matching "X3" will not match "R3" or "E3". https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html">https://letsencrypt.org/2020/09/1...
Please note that the Let& #39;s Encrypt intermediate CA certificate "X3" will soon be phased out in favour of "R3" and "E3" which have new keys, and so any DANE TLSA "2 1 1" records matching "X3" will not match "R3" or "E3". https://letsencrypt.org/2020/09/17/new-root-and-intermediates.html">https://letsencrypt.org/2020/09/1...
Any "2 1 1" records need to be augmented soon with additional records matching "R3" and "E3", in advance of these issuing certificates for servers with DANE-TA(2) TLSA records.
Failure to act is likely to result in an outage once renewals switch to signing via "R3" or "E3".
Failure to act is likely to result in an outage once renewals switch to signing via "R3" or "E3".
Small correction, the "E3" should have been "E1".
Links to the actual certificates can be found at:
https://letsencrypt.org/certificates/
https://letsencrypt.org/certifica... href=" https://letsencrypt.org/certs/lets-encrypt-r3.pem
https://letsencrypt.org/certs/let... href=" https://letsencrypt.org/certs/lets-encrypt-e1.pem">https://letsencrypt.org/certs/let...
Links to the actual certificates can be found at:
https://letsencrypt.org/certificates/
A more detailed post to dane-users:
https://mail.sys4.de/pipermail/dane-users/2020-September/000578.html">https://mail.sys4.de/pipermail...
https://mail.sys4.de/pipermail/dane-users/2020-September/000578.html">https://mail.sys4.de/pipermail...
