nginx: Don't hard-code the HPKP headers.2016-07-12T01:10:33+00:00Guilhem Moulinguilhem@fripost.org2016-07-12T01:10:33+00:00ef430522256013665205cdda05636846cc622251
Instead, lookup the pubkeys and compute the digests on the fly. But
never modify the actual header snippet to avoid locking our users out.
Instead, lookup the pubkeys and compute the digests on the fly. But
never modify the actual header snippet to avoid locking our users out.
Change the pubkey extension from .pem to .pub.2016-07-09T23:16:00+00:00Guilhem Moulinguilhem@fripost.org2016-07-09T23:16:00+00:0002772c92ce74490ce60792b0543d60ce71f28e42
certs/public: fetch each cert's pubkey (SPKI), not the cert itself.2016-06-15T16:13:09+00:00Guilhem Moulinguilhem@fripost.org2016-06-15T16:08:48+00:0002d4a5892bb3019d448c453ad279788fcd3f1531
To avoid new commits upon cert renewal.
To avoid new commits upon cert renewal.
Renew cert for https://lists.fripost.org.2016-05-28T11:31:42+00:00Guilhem Moulinguilhem@fripost.org2016-05-28T11:31:42+00:004872fcd0b60b21d6b016a9e2673e5662313815cb
Add an ansible module 'fetch_cmd' to fetch the output of a remote command locally.2016-05-17T22:47:05+00:00Guilhem Moulinguilhem@fripost.org2016-05-17T22:10:50+00:0071aefcc229f999f92b25e51b9444b313d95fbc86
And use this to fetch all X.509 leaf certificates.
And use this to fetch all X.509 leaf certificates.
Renew imap.fripost.org:993 and smtp.fripost.org:587 X.509 certificates.2016-05-17T22:06:54+00:00Guilhem Moulinguilhem@fripost.org2016-05-17T22:06:23+00:00f4c280d1c6f43f7ca0c1e498ab87fe7aa08d5eb2
Reissue certs on civett and elefant since LE's X3 intermediate CA has better support for XP.2016-03-27T17:19:01+00:00Guilhem Moulinguilhem@fripost.org2016-03-27T17:19:01+00:004dbc2fb82f4f001c4927d200ddedae7ac1ff5f70
Let's Encrypt: Only reload (as opposed to restart) postfix/nginx after renewing the cert2016-03-05T13:55:40+00:00Guilhem Moulinguilhem@fripost.org2016-03-05T13:55:40+00:0006f4a2e56948f0b2e2842a5ba5b9fe0d21bc8ba8