-
|
I am currently looking into using the technitium dns server with certificates generated/renewed by ACME clients for DoT, DoQ and maybe DoH (HTTPS). I know i could use an ACME-aware reverse proxy like caddy (or any another reverse proxy with acme clients) but I would first try to use the certs directly with the server (after converting them to the required pfx format). The thing is, after the acme client renewed the certificates and a new pfx file is created, does technitium dns server automatically reload the certificates or do i need to restart it "manually"? Another question on a similar topic, can i use ACME certificates (or any own certs) for DNSSec or must the dns server themselve generate them? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Ah, ok, did not read this blog entry before: https://blog.technitium.com/2020/07/how-to-host-your-own-dns-over-https-and.html This answers the main part of the question, i will open a separate question regarding dnssec. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, the certificate file is reloaded within a minute its updated based on its date modified. For your DNSSEC question, PKI certificates are not used in DNSSEC. DNSSEC is a completely different system. |
Beta Was this translation helpful? Give feedback.
Ah, ok, did not read this blog entry before: https://blog.technitium.com/2020/07/how-to-host-your-own-dns-over-https-and.html
It does look like the dns server is automatically reloading the certs by looking at the file modified time.
This answers the main part of the question, i will open a separate question regarding dnssec.