I have written a renew-hook automatically generates, installs and removes TLSA records. Its currently aimed a Bind9 as that the DNS I use on my servers.
During the process I store the update records, in files which are created in the …/live/domain.name directory.
Is placing these files there a
- acceptable to the letsencypt developers.
- a good/bad idea just as a idea.