How to set up OSCP stapling on a LAMP stack?

Expanding on what @9peppe said above - DANE is still (slowly) catching on. Most people using it with LetsEncrypt/Certbot are early adopters and have been ironing out the best workflows for deployment. Last I checked, there isn't any official guidance from LetsEncrypt/Certbot and there hasn't been a standardized common workflow for integrating it. There have been some issues with certain types of records invalidating others.

One of the better discussions on DANE here is: Understanding SMTP DANE implementation options - #6 by schoen as that topic has input of some ISRG/LetsEncrypt staff and many of the community mods.

I strongly suggest seaching for DANE in the archives and doing a reverse date search as "what works best" has been evolving a lot.

4 Likes