From 03b01fff79b9a1c5e1df424605531f895f7cdd27 Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Wed, 14 Jun 2023 10:38:29 +0200 Subject: [PATCH 1/3] Allow letsencrypt certificates for code.cacert.org --- cacert.org | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cacert.org b/cacert.org index 7f76a7a..91594c2 100644 --- a/cacert.org +++ b/cacert.org @@ -127,6 +127,8 @@ code.cacert.org 43200 IN SSHFP 3 1 e8021534def77726741a874945ec578ed6d84f31 code.cacert.org 43200 IN SSHFP 3 2 54e42fd9ac210cd6bd3ec1ca75b80bf4585eb47606a40b4627d1916f355dcb9f code.cacert.org 43200 IN SSHFP 4 1 33305c1b89678caa80ef42a31e29b3e8dc70ccb9 code.cacert.org 43200 IN SSHFP 4 2 cce03a264ec4b947d4a30ddc2b86fe80fc73d51f751baa834ff1ec848181b8eb +code.cacert.org 43200 IN CAA 0 issue "cacert.org" +code.cacert.org 43200 IN CAA 0 issue "letsencrypt.org" ; public CRL service crl.cacert.org 43200 IN A 213.154.225.236 From 7e0d88f8bf49654d3cb8170bb6973cd3dcb92da4 Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Wed, 14 Jun 2023 14:55:22 +0200 Subject: [PATCH 2/3] Order records for code.cacert.org by type --- cacert.org | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cacert.org b/cacert.org index 91594c2..e34eb2e 100644 --- a/cacert.org +++ b/cacert.org @@ -121,14 +121,14 @@ cats.cacert.org 43200 IN SSHFP 3 2 1f54953c96de0e93cd19e66ca25085d6773ceefd3c376 ; code (Gitea) code.cacert.org 43200 IN A 213.154.225.249 code.cacert.org 43200 IN AAAA 2001:7b8:616:162:3::15 +code.cacert.org 43200 IN CAA 0 issue "cacert.org" +code.cacert.org 43200 IN CAA 0 issue "letsencrypt.org" code.cacert.org 43200 IN SSHFP 1 1 99fe627866921e9cbb8e10fca89681518f7e6ed5 code.cacert.org 43200 IN SSHFP 1 2 34cc996e568ddbe93354f284a52bd60602395a0e1fcb87770e190fbc97dd9ce7 code.cacert.org 43200 IN SSHFP 3 1 e8021534def77726741a874945ec578ed6d84f31 code.cacert.org 43200 IN SSHFP 3 2 54e42fd9ac210cd6bd3ec1ca75b80bf4585eb47606a40b4627d1916f355dcb9f code.cacert.org 43200 IN SSHFP 4 1 33305c1b89678caa80ef42a31e29b3e8dc70ccb9 code.cacert.org 43200 IN SSHFP 4 2 cce03a264ec4b947d4a30ddc2b86fe80fc73d51f751baa834ff1ec848181b8eb -code.cacert.org 43200 IN CAA 0 issue "cacert.org" -code.cacert.org 43200 IN CAA 0 issue "letsencrypt.org" ; public CRL service crl.cacert.org 43200 IN A 213.154.225.236 From 7986084a4086533c455e98216578d8dd87c80186 Mon Sep 17 00:00:00 2001 From: Jan Dittberner Date: Wed, 14 Jun 2023 18:45:40 +0200 Subject: [PATCH 3/3] Add letsencrypt as allowed CA for cacert.org zone --- cacert.org | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cacert.org b/cacert.org index e34eb2e..0d76c1c 100644 --- a/cacert.org +++ b/cacert.org @@ -7,6 +7,7 @@ cacert.org 43200 IN A 213.154.225.245 cacert.org 43200 IN AAAA 2001:7b8:3:9c::245 cacert.org 43200 IN CAA 0 issue "cacert.org" +cacert.org 43200 IN CAA 0 issue "letsencrypt.org" cacert.org 43200 IN CAA 0 issuewild "cacert.org" cacert.org 43200 IN CAA 0 iodef "mailto:critical-admin@cacert.org" @@ -121,8 +122,6 @@ cats.cacert.org 43200 IN SSHFP 3 2 1f54953c96de0e93cd19e66ca25085d6773ceefd3c376 ; code (Gitea) code.cacert.org 43200 IN A 213.154.225.249 code.cacert.org 43200 IN AAAA 2001:7b8:616:162:3::15 -code.cacert.org 43200 IN CAA 0 issue "cacert.org" -code.cacert.org 43200 IN CAA 0 issue "letsencrypt.org" code.cacert.org 43200 IN SSHFP 1 1 99fe627866921e9cbb8e10fca89681518f7e6ed5 code.cacert.org 43200 IN SSHFP 1 2 34cc996e568ddbe93354f284a52bd60602395a0e1fcb87770e190fbc97dd9ce7 code.cacert.org 43200 IN SSHFP 3 1 e8021534def77726741a874945ec578ed6d84f31