Thank you for the heads up, also my domain is on the list. One question; my domain/MTA just received a new cert:
root@box:/etc/letsencrypt/live/example.com# openssl x509 -text -in cert.pem |grep Issuer |grep Authority Issuer: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
root@box:/etc/letsencrypt/live/example.com# openssl x509 -text -in chain.pem |grep "Encrypt Authority" Subject: C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3
and I publish these:
_25._tcp.example.com. IN TLSA 2 1 1 60b87575447dcba2a36b7d11ac09fb24a9db406fee12d2cc90180517616e8a18
Is it needed for me to publish the new one (with 8d02536c887482bc34ff54e41d2ba659bf85b341a0a20afadb5813dcfbcf286d) now already, or when my cert renewed / is issued with R3?