This script will look for your TLSA records in the specified zone name and then regenerate them with the available certificate. It's convenient especially with Let's Encrypt which obliges us to renew our certificates every 3 months.
Requirements:
- python3
- ovh-api python
- hash-slinger
Instalation:
- apt install hash-slinger python3-pip python3-setuptools python3-wheel
- pip install ovh
Configuration:
- rename conf.ini.default in conf.ini
- replace with your value
[default]
endpoint=ovh-eu
zoneName=exemple.com
subDomains=_443._tcp.www,_443._tcp.git
[ovh-eu]
application_key=my_app_key
application_secret=my_application_secret
consumer_key=my_consumer_key
If you don't have credentials : https://eu.api.ovh.com/createApp/
The subDomains list, is usefull if you want create new TLSA records.
Run:
- python3 tlsa-ovh.py