It took quite a bit of work (less than I feared, thankfully) but my secure DNS servers now use short-lived and IP address validated certificates from @letsencrypt!
Because there are two DNS servers but they share the same hostname and certificate, I needed to write some tooling to help synchronize the challenge from one machine to the other, along with sharing the certificates once issued/renewed.
So I wrote a quick and simple server and client app: https://git.ecn.io/ian/certsync
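The post describes the two jobs such a tool has to do when two hosts answer for one hostname: get the ACME challenge response onto whichever host the validator contacts, and distribute the issued certificate afterwards. The sketch below is an added illustration, not the certsync code (its protocol is not shown in the post), of the defensive checks a receiver of pushed challenge responses should make: authenticate the message with a shared-key HMAC, reject stale or replayed pushes, and validate the token before it becomes a URL path component. The message layout, the shared key and all names are assumptions.

```python
"""Hypothetical receiver-side checks for syncing an ACME HTTP-01 challenge
response between two hosts that share one hostname (not the certsync project)."""
import hashlib
import hmac
import json
import re
import time

# ACME tokens are base64url without padding (RFC 8555 section 8.3) and the key
# authorization is "<token>.<account key thumbprint>" (43 base64url chars for a
# SHA-256 thumbprint).  Anything else is rejected before it can become a file
# name or a URL path component.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{22,128}$")
KEY_AUTH_RE = re.compile(r"^[A-Za-z0-9_-]{22,128}\.[A-Za-z0-9_-]{43}$")
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def canonical(payload: dict) -> bytes:
    """Deterministic JSON encoding so sender and receiver MAC the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def sign_message(shared_key: bytes, payload: dict) -> dict:
    """Sender side: add a timestamp and an HMAC-SHA256 tag over the canonical body."""
    body = dict(payload, ts=int(time.time()))
    tag = hmac.new(shared_key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class ChallengeStore:
    """Receiver side: holds challenge responses pushed by the peer host."""

    def __init__(self, shared_key: bytes, max_skew: int = 300, now=time.time):
        self._key = shared_key
        self._max_skew = max_skew      # accepted clock difference in seconds
        self._now = now
        self._responses = {}           # token -> key authorization
        self._seen_tags = set()        # replay protection (prune in production)

    def accept(self, message: dict) -> bool:
        """Return True and store the response only if every check passes."""
        body, tag = message.get("body"), message.get("tag")
        if not isinstance(body, dict) or not isinstance(tag, str):
            return False
        expected = hmac.new(self._key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False               # not produced by a holder of the shared key
        ts = body.get("ts")
        if not isinstance(ts, (int, float)) or abs(self._now() - ts) > self._max_skew:
            return False               # stale message
        if tag in self._seen_tags:
            return False               # replayed message
        token, key_auth = body.get("token"), body.get("key_auth")
        if not isinstance(token, str) or not isinstance(key_auth, str):
            return False
        if not TOKEN_RE.match(token) or not KEY_AUTH_RE.match(key_auth):
            return False
        if not key_auth.startswith(token + "."):
            return False               # key authorization must belong to this token
        self._seen_tags.add(tag)
        self._responses[token] = key_auth
        return True

    def serve(self, path: str):
        """Map an HTTP request path to (status, body) as the validator would see it."""
        if not path.startswith(CHALLENGE_PREFIX):
            return 404, ""
        token = path[len(CHALLENGE_PREFIX):]
        if not TOKEN_RE.match(token) or token not in self._responses:
            return 404, ""             # malformed, traversal attempt, or unknown token
        return 200, self._responses[token]


if __name__ == "__main__":
    # Constructed sample: a peer pushes one challenge response, then the
    # validator fetches it.  The key would normally come from a config file.
    key = b"constructed-shared-key"
    token = "A" * 43
    store = ChallengeStore(key)
    print(store.accept(sign_message(key, {"token": token, "key_auth": token + "." + "B" * 43})))
    print(store.serve(CHALLENGE_PREFIX + token))
```

The same signed-message shape can carry the renewed certificate to the peer, but since the private key travels with it, the transport itself (TLS with a pinned peer certificate, or SSH) still has to provide confidentiality; the HMAC only establishes who sent the message and whether it is fresh.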