
Generate TLSA Record from the command line for DANE and DNSSEC.

If DNSSEC is enabled for your domain, you should also create a TLSA record to implement DANE (DNS-based Authentication of Named Entities), so that clients can authenticate your server's certificate through DNS.

Although online tools exist to generate a TLSA record, you can also do it from the command line on the server where the SSL/TLS certificate is stored.

In this tutorial, we assume you are working on Ubuntu and are logged in as root, so switch to the root user if you are not already.

sudo -i

Install the “hash-slinger” package.

apt install hash-slinger -y

In the following example we create a TLSA record for a web server on port 443, but the same command works for other services, for instance a mail server on port 25.

tlsa --create --selector 1 -p 443 --certificate /etc/acme/certs/example.com_ecc/fullchain.cer example.com
_443._tcp.example.com. IN TLSA 3 1 1 a5c90a4fdf88297b3e33ff84e1d307a41fddf07bce95c5e09eb9382988b86aaa

Now publish the record shown above in the DNS zone of the domain, on the authoritative DNS server for that domain.
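As an added example (not part of the original tutorial and not code from the hash-slinger project), the following stdlib-only Python reproduces what `tlsa --create` computes for a `3 1 1` record, the SHA-256 of the certificate's SubjectPublicKeyInfo, and checks a record already published in DNS (for example one `dig TLSA` answer line) against the current certificate, which is the check to run after every certificate renewal. It also covers selector 0 (full certificate) and matching types 0 and 2; the embedded certificate bytes are a constructed placeholder, not a real certificate.

```python
import base64
import hashlib
import re

def der_tlv(data, pos=0):
    """Parse one DER TLV at data[pos]; return (tag, value_start, end_of_tlv)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def pem_to_der(pem):
    """Decode the first CERTIFICATE block, i.e. the leaf in a fullchain bundle."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem, re.S)
    return base64.b64decode("".join(m.group(1).split()))

def spki_der(cert_der):
    """DER bytes of SubjectPublicKeyInfo, the data that selector 1 is hashed over."""
    _, pos, _ = der_tlv(cert_der)          # enter Certificate SEQUENCE
    _, pos, _ = der_tlv(cert_der, pos)     # enter tbsCertificate SEQUENCE
    tag, _, end = der_tlv(cert_der, pos)
    if tag == 0xA0:                        # optional [0] EXPLICIT version (absent in v1 certs)
        pos = end
    for _ in range(5):                     # skip serialNumber, signature, issuer, validity, subject
        _, _, pos = der_tlv(cert_der, pos)
    _, _, end = der_tlv(cert_der, pos)     # subjectPublicKeyInfo, header included
    return cert_der[pos:end]

def association_data(cert_der, selector, mtype):
    """Lowercase hex rdata: selector 0 = full cert, 1 = SPKI; mtype 0 = exact, 1 = SHA-256, 2 = SHA-512."""
    data = spki_der(cert_der) if selector == 1 else cert_der
    return data.hex() if mtype == 0 else {1: hashlib.sha256, 2: hashlib.sha512}[mtype](data).hexdigest()

def tlsa_record(pem, host, port=443, usage=3, selector=1, mtype=1):
    """Render the RR in the form `tlsa --create` prints (defaults: usage 3 = DANE-EE, SPKI, SHA-256)."""
    data = association_data(pem_to_der(pem), selector, mtype)
    return f"_{port}._tcp.{host}. IN TLSA {usage} {selector} {mtype} {data}"

def record_matches(pem, rr_text):
    """True if a published RR (e.g. a `dig TLSA` answer line, TTL included) matches the cert."""
    f = rr_text.split()
    i = f.index("TLSA")
    selector, mtype = int(f[i + 2]), int(f[i + 3])
    published = "".join(f[i + 4:]).lower()      # dig prints uppercase and may split the hex
    return published == association_data(pem_to_der(pem), selector, mtype)

# Constructed sample (hypothetical, not a real certificate): minimal DER with empty names and an 8-byte SPKI at bytes 20..28.
SAMPLE_DER = bytes.fromhex("301f3018a003020102020101300030003000300030063001000301003000030100")
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(SAMPLE_DER).decode()
```

To check a live record, feed `tlsa_record` the path's PEM contents and compare with `record_matches` against the answer line from `dig TLSA _443._tcp.example.com`.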