Hi Lucas,
yes your ppa version seems to work.
I can also send emails again with the dane-only policy.
Details:
The warning still exists, but posttls-finger gets a valid RR record:
root@www:~# posttls-finger -t30 -T180 -c -L verbose,summary bueren.space
posttls-finger: initializing the client-side TLS engine
posttls-finger: warning: connect to private/tlsmgr: No such file or directory
posttls-finger: warning: connect to private/tlsmgr: No such file or directory
posttls-finger: warning: problem talking to server private/tlsmgr: No such file or directory
posttls-finger: warning: no entropy for TLS key generation: disabling TLS support
posttls-finger: using DANE RR: _25._tcp.www.bueren.space IN TLSA 3 0 1 D7:BC:71:07:19:28:E7:97:F9:86:52:02:EB:90:99:4B:B1:DB:EE:8D:FF:B5:D5:6D:15:B2:D8:AC:25:99:AA:5F
Hi Lucas,
yes your ppa version seems to work.
I can also send emails again with the dane-only policy.
Details:
The warning still exists, but posttls-finger gets a valid RR record:
root@www:~# posttls-finger -t30 -T180 -c -L verbose,summary bueren.space www.bueren. space IN TLSA 3 0 1 D7:BC:71: 07:19:28: E7:97:F9: 86:52:02: EB:90:99: 4B:B1:DB: EE:8D:FF: B5:D5:6D: 15:B2:D8: AC:25:99: AA:5F
posttls-finger: initializing the client-side TLS engine
posttls-finger: warning: connect to private/tlsmgr: No such file or directory
posttls-finger: warning: connect to private/tlsmgr: No such file or directory
posttls-finger: warning: problem talking to server private/tlsmgr: No such file or directory
posttls-finger: warning: no entropy for TLS key generation: disabling TLS support
posttls-finger: using DANE RR: _25._tcp.