The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.
I use Cloudflare, and my login token only supports editing DNS records, which is nice. If yours doesn’t, it may be worth switching to one that does. There are lots of options and many of them have a reasonable API.
Not all DNS hosts support that. Webnames.ca, looking at you…
Also, my workplace hosts their own DNS, and I think it will be a cold day in hell before they let me do automated updates.
Any DNS host that doesn’t support automation either starts building now or goes out of business when short certs are implemented.
Sure, but it’s really nice if it does.
The best way to control the data.
This is of waning value, but don’t jump into half-assed automation early or you end up with problems like Route 53 hijacking.