Open
Issue #3
Support TLSA records (DANE) in freeipa-letsencrypt.py
This requirement consists of 2 steps:
- automatically add a TLSA record to the DNS zone for the webUI
- ensure Certbot renews only the certificate and not the private key (which is default behaviour)
See also:
- https://blog.apnic.net/2017/01/06/lets-encrypt-dane/ (especially postscriptum)
- https://www.huque.com/bin/gen_tlsa
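
An added example, not code from freeipa-letsencrypt.py: it derives a TLSA record from a DER certificate by hashing its subjectPublicKeyInfo, and shows why step 2 matters, since the record survives a renewal only if the key is reused (Certbot's `--reuse-key` option does this). The `3 1 1` parameters (DANE-EE, SPKI, SHA-256), the host name `ipa.example.test`, port 443 and the unsigned certificate skeletons are assumptions constructed for the illustration.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def spki_from_cert(der):
    """Return the subjectPublicKeyInfo element (header included) of a DER certificate."""
    _, pos, _ = read_tlv(der, 0)            # Certificate ::= SEQUENCE
    _, pos, tbs_end = read_tlv(der, pos)    # tbsCertificate ::= SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                         # optional [0] EXPLICIT version
        pos = end
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(der, pos)
    tag, _, end = read_tlv(der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("subjectPublicKeyInfo not found")
    return der[pos:end]

def tlsa_rr(host, port, der):
    """Zone-file line for TLSA 3 1 1: SHA-256 over the certificate's SPKI."""
    digest = hashlib.sha256(spki_from_cert(der)).hexdigest()
    return f"_{port}._tcp.{host}. IN TLSA 3 1 1 {digest}"

# --- constructed input: unsigned certificate skeletons, not real certificates ---
def tlv(tag, value):
    n = len(value)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + value

def skeleton(serial, key_bytes):
    seq = lambda *parts: tlv(0x30, b"".join(parts))
    spki = seq(seq(), tlv(0x03, b"\x00" + key_bytes))
    tbs = seq(tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, bytes([serial])),
              seq(), seq(), seq(), seq(), spki)
    return seq(tbs, seq(), tlv(0x03, b"\x00")), spki

HOST = "ipa.example.test"
issued, spki_a = skeleton(1, bytes(range(200)))
renewed_same_key, _ = skeleton(2, bytes(range(200)))    # renewal that kept the key
renewed_new_key, _ = skeleton(3, bytes(range(1, 201)))  # renewal with a fresh key

if __name__ == "__main__":
    for der in (issued, renewed_same_key, renewed_new_key):
        print(tlsa_rr(HOST, 443, der))
```

For a certificate on disk, `ssl.PEM_cert_to_DER_cert()` from the standard library converts the PEM text into the DER bytes these functions expect.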