-
Roi
Menel, hm I need to check that, thank you.
-
Roi
Menel, there is one record for port 443 - and in the jabber.hot-chilli.net zone. And that should be okay, as 443 serves legacy SSL (not TLS) and can only provide one cert.
-
Menel
Roi: you're missing a TLSA record for _443._tcp.server.jabber.hot-chilli.net. Just add the hash for whatever cert will be behind that address and port. Then it will all stop complaining (I think). But at the moment you have no TLSA record there.
-
Menel
I'm not sure I understand the thing about 443 being in the jabber.hot-chilli.net zone. If that's not the server openim.de should connect to, it should be deleted from its SRV records. Currently there is an SRV record for openim.de > xmpps-client server.jabber.hot-chilli.net. 443 > Priority: 40 Weight: 0. Maybe an accident? (Or I didn't get something.) But the DANE checker misses a TLSA record exactly there.
-
moparisthebest
Roi: it's because you have those ^ xmpps-client records for openim and everything else, and only the one TLSA record for it