| 26 Mar 2026 |
 hexa | woah | 17:14:46 |
 K900 | YESSSSSSSSS | 19:13:23 |
 Arian | Finally | 21:07:21 |
| hexa | DNS-PERSIST-01 should land in staging end of Q1 and prod somewhere Q2 | 23:38:54 |
| hexa | I expect widespread interest and will probably suggest nixos-mailserver users to use that instead of standing up nginx. | 23:39:30 |
 Sandro 🐧 | nice | 23:42:44 |
| hexa | The setup guide has instructions to modify DNS entries already anyway. | 23:43:54 |
| hexa | I'm just wondering what our integration will look like. | 23:44:08 |
| hexa | https://github.com/go-acme/lego/pull/2871 | 23:44:38 |
| hexa |
Given the manual-only nature of DNS-PERSIST-01 I’ve also intentionally de-prioritized it in favor of DNS-01 when both challenge types are provided.
| 23:46:08 |
| hexa | :think | 23:46:09 |
| hexa | Redacted or Malformed Event | 23:46:15 |
| hexa | https://letsencrypt.org/2026/02/18/dns-persist-01#dns-persist-01-authorizes-persistently | 23:47:37 |
| hexa | ok, so basically you create an account and tie the _validation-persist record to the account url | 23:48:01 |
| 27 Mar 2026 |
| Sandro 🐧 | well, for running a local Bind... | 00:28:37 |
| Sandro 🐧 | add a shell script to print out the dns record that people need to set? | 00:28:56 |
| Sandro 🐧 | or put it into a file like mailserver, sothat it is easy to find and copy? | 00:29:10 |
| 28 Mar 2026 |
 m1cr0man | huge | 16:21:13 |
| 2 Apr 2026 |
| hexa | right, this can simpliy the acme module a lot | 14:44:59 |
| hexa | I have an idea how to keep it complicated though: delaying activation of a new certificate for time/condition | 14:45:45 |
| hexa | this could allow for proper DANE support | 14:46:09 |
| hexa | * | 15:02:36 |
| 10 Apr 2026 |
 emily | https://letsencrypt.org/2026/04/10/test-sites.html can we deploy this for everyone on April 1? | 19:00:42 |
| Arian | All the revoked certs work fine for me on chrome for android | 20:51:09 |
| Arian | I guess it's because chrome only pushes revoked certs through updates? | 20:51:53 |
 ThinkChaos | Yeah only Firefox has good (i.e. functional) revocation support ATM thanks to the mentioned CRLite.
This blog post explains how it works nicely: https://hacks.mozilla.org/2025/08/crlite-fast-private-and-comprehensive-certificate-revocation-checking-in-firefox/
You should consider using FF on Android just for extensions: it supports standard WebExts like uBlock Origin! | 23:02:19 |
| 11 Apr 2026 |
|  @rasmata:matrix.org joined the room. | 19:17:38 |
| @rasmata:matrix.org left the room. | 19:17:40 |
| 12 Apr 2026 |
|  leona changed their profile picture. | 12:15:37 |
| 13 Apr 2026 |
|  Alesya changed their display name from Alesya Huzik to Alesya. | 01:44:34 |
