Tools implementing deSEC

peter · July 21, 2024, 10:06pm

I vaguely recall that for certbot, there’s something like you are doing for acme.sh (thanks for pushing this!), but I can’t find it just now. Will update this post if I find it.

That said, it eludes me why one should rotate the private key frequently. OTOH, exercising the process might be enough justification in itself …

Stay secure,
Peter

peter · July 22, 2024, 1:57am

https://github.com/tlsaware/danebot:

danebot is a certbot wrapper that helps to avoid SMTP outages due to mismatched TLSA records resulting from a Let’s Encrypt automated certificate renewal.

@mdbraber

franz · August 22, 2024, 8:06am

Hi there!

If you are still using dehydrated - like me - the following hook might be interesting:

dehydrated_desec