Hi friends,
I’m a little bit confused about the DKIM implementation, and from reading this page it seems that it is possible to obtain the DKIM key using Let’s Encrypt.
Could you tell me if this is possible and eventually how to implement the DNS DKIM using Let’s Encrypt?
LE doesn’t generate keys. I have no idea what they are talking about. You don’t need and shouldn’t use a public CA for that. The mail server operator holds all the keys and signs all mails.
I’ve sent an e-mail to that blog suggesting that the information presented there is incorrect and should be updated to suggest a different way of generating DKIM keys.
The cryptographic aspects in play are RSA keys of 1024+ bits and SHA-1 and SHA-256 hashing.
You do not need a public CA to perform any of these functions. In fact a public CA will never generate private keys for you (as it means they will be able to intercept or decrypt all your traffic). You can generate your own RSA key and most crypto libraries like OpenSSL will do the signing for you.
Depending on your mail server it may generate keys for you automatically.
There is also a great list of the functionality provided by various servers and clients:
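Added example, not part of any post above: a self-managed DKIM key pair made with the OpenSSL CLI, with no CA involved, plus the DNS TXT record for the public half. The selector `mail`, the domain `example.com`, the function names and the BIND-style zone syntax are assumptions for illustration.

```shell
#!/bin/sh
# Added example: DKIM key handling with the openssl CLI only.

# Generate a 2048-bit RSA private key, readable by the owner only.
dkim_generate_key() {
    keyfile=$1
    ( umask 077; openssl genrsa -out "$keyfile" 2048 2>/dev/null )
}

# Print the TXT record for <selector>._domainkey.<domain>.
# p= is the base64 of the DER public key (the PEM body without
# its header and footer lines). A 2048-bit key does not fit in
# one 255-byte TXT string, so the value is split into chunks.
dkim_txt_record() {
    keyfile=$1; selector=$2; domain=$3
    pub=$(openssl rsa -in "$keyfile" -pubout 2>/dev/null \
          | grep -v '^-----' | tr -d '\n')
    [ -n "$pub" ] || return 1
    chunks=$(printf '%s\n' "v=DKIM1; k=rsa; p=$pub" \
             | fold -w 200 | sed 's/.*/"&"/' | tr '\n' ' ')
    printf '%s._domainkey.%s. IN TXT ( %s)\n' \
           "$selector" "$domain" "$chunks"
}

# Pre-publish check: does the record's p= value belong to this
# private key? Returns 0 on match, non-zero otherwise.
dkim_check_record() {
    keyfile=$1; record=$2
    p=$(printf '%s' "$record" | sed 's/^[^(]*(//; s/)$//' \
        | tr -d '" ' | sed 's/.*;p=//')
    want=$(openssl rsa -in "$keyfile" -pubout -outform DER 2>/dev/null \
           | openssl base64 -A)
    [ -n "$p" ] && [ "$p" = "$want" ]
}

# Usage (paths are placeholders):
#   dkim_generate_key /etc/dkim/mail.private
#   dkim_txt_record   /etc/dkim/mail.private mail example.com
```

The private key stays on the mail server and is what the signer is pointed at; only the output of `dkim_txt_record` is published in DNS.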