TLSA record issues after Let's Encrypt certificate update

OS type and version: Ubuntu 20.04.3 / Kernel 5.4.0-90
Webmin version: 1.981
Virtualmin version: 6.17-3
Related products version: bind 9.16.1-0ubuntu2.9

Hi all,
I have encountered the following situation multiple times now:

I am using Hurricane Electric (HE) as secondary DNS for my Virtualmin server. I am also using Let’s Encrypt certificates and DNSSEC.

Now every time the Let’s Encrypt certificates are updated I get an error message about DANE TLSA records not being correct.

I verified them in the DNS config for the specific domain and in the Hurricane Electric DNS panel, and they do not fit together. After dig-ing both the primary (Virtualmin) and the secondary (HE) I recognized that both show the old value (not the one which is in the DNS config), so I restarted bind, and now I am seeing both showing the new value for the TLSA records.

I guess there is some reload/restart of bind missing after the TLSA records are updated following a Let’s Encrypt certificate renewal. Maybe someone can verify that / look into that … or tell me that I am wrong and what I am doing wrong.

