authorGuilhem Moulin <guilhem@fripost.org>2016-02-27 00:45:50 +0100
committerGuilhem Moulin <guilhem@fripost.org>2016-03-02 21:38:37 +0100
commited8cf1de7e87ff6496db46f17fb4bcfc90ccf48f (patch)
tree9bca7dd3fc058ca0470ceefe742d2ae19df94a3e
parent4a3f204a3d285a377161efb2dbeec73d329e6d1a (diff)
Let's Encrypt
-rw-r--r--certs/public/fripost.org.pem27
-rw-r--r--certs/public/git.fripost.org.pem27
-rw-r--r--certs/public/imap.fripost.org.pem45
-rw-r--r--certs/public/lists.fripost.org.pem47
-rw-r--r--certs/public/mail.fripost.org.pem45
-rw-r--r--certs/public/mx1.fripost.org.pem47
-rw-r--r--certs/public/mx2.fripost.org.pem27
-rw-r--r--certs/public/smtp.fripost.org.pem47
-rw-r--r--common.yml25
-rw-r--r--roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf2
-rw-r--r--roles/MSA/templates/etc/postfix/main.cf.j22
-rw-r--r--roles/MX/templates/etc/postfix/main.cf.j22
-rw-r--r--roles/git/files/etc/nginx/sites-available/git2
-rw-r--r--roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf86
-rw-r--r--roles/letsencrypt/handlers/main.yml2
-rw-r--r--roles/letsencrypt/tasks/main.yml37
-rw-r--r--roles/letsencrypt/templates/etc/letsencrypt-tiny/letsencrypt-certs.conf.j263
-rw-r--r--roles/lists/files/etc/nginx/sites-available/sympa2
-rw-r--r--roles/webmail/files/etc/nginx/sites-available/roundcube2
-rw-r--r--roles/wiki/files/etc/nginx/sites-available/website2
-rw-r--r--roles/wiki/files/etc/nginx/sites-available/wiki2
21 files changed, 463 insertions, 78 deletions
diff --git a/certs/public/fripost.org.pem b/certs/public/fripost.org.pem
index 6138e4d..c1b6105 100644
--- a/certs/public/fripost.org.pem
+++ b/certs/public/fripost.org.pem
@@ -16,20 +16,47 @@ twpkc+UsPL9YNwwJwMnwGZfLeM3lDeJo7U1OYOf0MV65H5JRM0wduqvpnCm8Ft0i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-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/certs/public/git.fripost.org.pem b/certs/public/git.fripost.org.pem
index 65fd6f3..1810c03 100644
--- a/certs/public/git.fripost.org.pem
+++ b/certs/public/git.fripost.org.pem
@@ -16,20 +16,47 @@ dugAzP7mmHdq+1vEgF4Bu6QgBve+UTmJNw5oPTxDW/kDMcmKryz0mJTIv+8EOQLM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-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/certs/public/imap.fripost.org.pem b/certs/public/imap.fripost.org.pem
index 1896b4a..603cf73 100644
--- a/certs/public/imap.fripost.org.pem
+++ b/certs/public/imap.fripost.org.pem
@@ -1,35 +1,62 @@
-----BEGIN CERTIFICATE-----
-MIIGFzCCBP+gAwIBAgISAeKF61Exi1Bd4jXjTumceSXeMA0GCSqGSIb3DQEBCwUA
+MIIGFzCCBP+gAwIBAgISAcDSL09mzRBuF3NdTVKwGu4EMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDgxOTU5MDBaFw0x
-NjAzMDcxOTU5MDBaMBsxGTAXBgNVBAMTEGltYXAuZnJpcG9zdC5vcmcwggIiMA0G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-DQEBCwUAA4IBAQAS2kt6KFeNkudjNucQcxQv9qx2skPil5Sh1YqeJF76tkVH0nno
-0JofNwz97Kzn73VKYCBMiL7VsbK2mOskfl2kl+G9vlY+S5ElQM0zZQMT6XgDKJs7
-a2hVADdca4GAldu9KGjHxiERX6I2tfZ59CH3/OXpHbhT+IE8HqOLpT7Dsl9n6IKA
-QlCuDIjEYSPq6f+ob7asivKNZJIUIWpzzEjudRCbEvijS6Nae4O79sS0UUpqqPws
-17iXYORZJ+hvPglCZK6z9zinZaTPoAHE2UhaJN7fqPF3opvmjiSZkDFFFvA41lkt
-gLrdsIE8QxR3riA2fBtMjuEdUmcc5HUNRVW/
+DQEBCwUAA4IBAQBQ6y1VDo4ALoEB7Y84SwzoiREWuoaNzDYSdg2iFZY0aUNhzfxl
+kYOzbgNbD3NAMlc81qgSQxASIYa+8JEU0RW18gJnT4gEIUxIAstSTMffwONW7lod
+RkQO+qGrKep8ws9as2H2xyn7fCxEjLnvIgPF9MpmlUKcXoSBi79PMmLL0KTQ+P/p
+G3be0Me8nxP2chAKWR+7uCISz9Xl0rmxp91eAbo8yhgT0BCza3jWK34Of1ee6YQI
+pDZnGgKcki2SOJura6VWPn/iH/zjf9nYKzhBQGW+Ocnax7jDaZWx/hfDboaf5OIg
+tOziZt0yVPXDUBkSUc6UvNs9gNqIPMczOMym
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
diff --git a/certs/public/lists.fripost.org.pem b/certs/public/lists.fripost.org.pem
index 7e04b9a..3c5eca8 100644
--- a/certs/public/lists.fripost.org.pem
+++ b/certs/public/lists.fripost.org.pem
@@ -1,35 +1,62 @@
-----BEGIN CERTIFICATE-----
-MIIGBjCCBO6gAwIBAgISAUJ3fVQbiEbMMnke9mXi7hwwMA0GCSqGSIb3DQEBCwUA
+MIIGBjCCBO6gAwIBAgISAdoeEJLDqjBmbnNMHs/Rk0iNMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDgxODEzMDBaFw0x
-NjAzMDcxODEzMDBaMBwxGjAYBgNVBAMTEWxpc3RzLmZyaXBvc3Qub3JnMIICIjAN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-bmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAB2LfUsTB
-hLYAAsRpsHiGvJunfsiFUA4lWWAXD4fQ2LND60uv3yK7H+EKJRCZmkgTty5tIOHe
-C9Yb8oyjE6g9Irg7viPgab+Ago+ILi+TbP2VwjKO1ggmvpLmFLxA7hGG6e8MOJx2
-9TufciFTouIKUznmWGNXVPEOMvDjrZYrzngaYP9LC1jHa94hyAGBOCSeLGotzdPo
-RLzvROggglmWo8gLG6qjJD5m4QSaUG90OMyd6WUftEd+6iUb/vc6/1QjHnxyozEQ
-sQovX2l5LL9HKPvoQzZbvxdPt7fzufI152izY3A9UfMfgb56XoD6NP9MHt9HlX0C
-aNpaKPrfsIApHg==
+bmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAKOH6lEPz
+s1+VZJvtH2EQlUOReTBqABaSQWozhhzZa0VnYbP6o6ZPTuPdM1QxmZxx5o514iQc
+I5pmC0NXi7LlZaeebhO72MM0KUgZYhKqgdpWNYYlSEHb4HmdLMKFfNr1f11JsgUF
+tluX9RKTUDrlOSVnVQGylDO1ipx/1FQcR1nWWYG6vIz0aCSaFAogIPi04o4u58Kc
+o1nVroyY7APd/ac/qwR7fr/4WmN6VzPH00e6c0i9sU2Ndgy7n686BEtF1utAShqX
+DXqaJUzHyL7HqV9VSZCh+UYgDm7OOKzgGMelhcj3x6FMjXSduBCp7M5iUmAUuZuO
+M7IKcUm7RqayAA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
diff --git a/certs/public/mail.fripost.org.pem b/certs/public/mail.fripost.org.pem
index 8d64f50..8db6fdb 100644
--- a/certs/public/mail.fripost.org.pem
+++ b/certs/public/mail.fripost.org.pem
@@ -1,35 +1,62 @@
-----BEGIN CERTIFICATE-----
-MIIGGTCCBQGgAwIBAgISAc9Od/F2ZI9NBTwVRRs9P5QGMA0GCSqGSIb3DQEBCwUA
+MIIGGTCCBQGgAwIBAgISAfROB3ZOdrEGD0kX+6BsbL83MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDgxOTQ2MDBaFw0x
-NjAzMDcxOTQ2MDBaMBsxGTAXBgNVBAMTEG1haWwuZnJpcG9zdC5vcmcwggIiMA0G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-hvcNAQELBQADggEBAH0J8G1vhKLfTPsE0CNXzKNRk8BtL9zjoAPacX4B3L35UMzU
-WiiJyFueX8haqtU9SfI27fvEml9hhpTUkCkcybMOlmhtMbdRsjqLdskT6LIPMmy1
-Zaw1KzVhyKQ9n+GJKqLWjiPjL/n68SbBofG5ECRbs3xunwk1rjpaKfLQgwqYQWhl
-5hPZoqvtX9FgkYSOQm3do9LbXwotP8O4IV5934Usg6Z1u7PBApVXGnC2XyLNC6d3
-M/hUhNzzSgiJcgi6jysjtSbhV2zxd3vXCyzQpwGE/O9Guk94xmPG2abQmK87rYDi
-4H0Uk1JSUA9QI5N28cBCgbFbggqb4XcF9TjXTY8=
+hvcNAQELBQADggEBAGp4lS+xoaHAoUVoTEqe3h6AJO0ZcYTa2WGUDlx/9Do/i2H3
+dC9yF0pZlR0F+6snyryNfUNG5/MsSoy/S+3JxFVyBFnSD7k0bJDuRSnzhImPa7bw
+DqQcNcyp71mibCkvnMMpfX0/ooxi+vCYWt+67uOP15y8WZXjNOQXR9EI8rI4TpBX
+tQrUKotXcHFYC6qPk0K01bKGJ5PbVB2EDWTujOkWtRU0mQJ1EjJOANpUaHN7HvMS
+39F1CA1UYIqT687wB62pm2CmTOCkwCNcsqdJIqbFMYbi8nc6id1R8r33XV4bkfGf
+wGZWUcmZ/5kKpLKq8Y6tx5cIo5wNleyvsLRgfrI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
-----END CERTIFICATE-----
diff --git a/certs/public/mx1.fripost.org.pem b/certs/public/mx1.fripost.org.pem
index 9077133..c34c686 100644
--- a/certs/public/mx1.fripost.org.pem
+++ b/certs/public/mx1.fripost.org.pem
@@ -1,35 +1,62 @@
-----BEGIN CERTIFICATE-----
-MIIGAjCCBOqgAwIBAgISARXQ7SpFB4qRwSLt1oUKpDElMA0GCSqGSIb3DQEBCwUA
+MIIGAjCCBOqgAwIBAgISAVdxQrAs1D5deToPt/kfU4xTMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMTYwMDIzMDBaFw0x
-NjAzMTUwMDIzMDBaMBoxGDAWBgNVBAMTD214MS5mcmlwb3N0Lm9yZzCCAiIwDQYJ
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAyMjYyMjE3MDBaFw0x
+NjA1MjYyMjE3MDBaMBoxGDAWBgNVBAMTD214MS5mcmlwb3N0Lm9yZzCCAiIwDQYJ
KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKlhAZFY51Mns5A0IyBXGwxS5tdYQaue
WU/PobCkl0hwMxPB1OzSYa71etMkFiTOsgspxWQ624T7MHM3JhSdOJUpMBJKNwaz
dsC4sWT7eRTNiLpmM8PypXnJqJ7kvMzLUZiqRM3vfjJ/znOAb1B+zWIiyVCFFk6j
4X5Ue6zfUROFGVxbIpK7lgpNYI0Ia9IXyX13iqRCvDlcmRdCtz4UpxTaLz6fOyfa
5S52ABgu9aqjI5eVInTSL0zjPXpn3jzW23z+lffCIxx765iXFJdEuWbzlFnE6SZN
yvA6zDDfJ+g0D1Pas964nzm0JWGAwQozg5qZFF99Zwxa3PC8nBh7ih+D1j7HPsA0
93CvU7PITKnDNOdI6i+h+AJQ+wxsb0RtQ88QT/BdAGcD/WpSXn6MG/GBtE6AtSNv
cd2me4jOAbQHShSQ49/iRTvUmP8jcxW1+CDoYhY+2nBO8MkrNciIK6j8HwptSpbl
ZDp9GxyrXBXE4YWM1bFIAEBv9u+MrREt9Np/+hCPuaFW0Gx/Dcga47Tcfsm1v4Ub
NAuciQLEz/CCBAIIfikykDq15Y9Y1WhOmlv5lGN/0dQGqDlXYs7ZGBmbiTv9AYug
Sawqay8q1MquoIoVPTXP0/5KIdQrx3ioFkZF3fxbGi6iTzwtqcsiKX+82dMW+3PY
/6L3nrlYwncNAgMBAAGjggIQMIICDDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKXT
6Tt9ylkLkl3fyPVtgKlD5q8eMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/z
qOyhMHAGCCsGAQUFBwEBBGQwYjAvBggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50
LXgxLmxldHNlbmNyeXB0Lm9yZy8wLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0Lmlu
dC14MS5sZXRzZW5jcnlwdC5vcmcvMBoGA1UdEQQTMBGCD214MS5mcmlwb3N0Lm9y
ZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYI
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcC
AjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24g
YnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0
aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5
-cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBz9jeaYmoqxSx4
-mf4w6HcKt14vE2tVXuBLcx4BPmK6E7dfUFWw1td9y+252n13BsspKZA2QYDLb6rN
-0F/p0x0JF5AGAijdFyqsEl3N/IJC2bcpt8eyxc+B3phl7Qzl1HnzO/1Y7BNOiGca
-xJ+0dPIGhkhSjzbAj1f3YJyofFcQhHx/r+tOy55O6pxlVRjXLBd1ZtCLRGVGdO2g
-Ecjc+YrYlsiimoHQpizNih1PHzuY/XyHJJeeNGgRPJMYrKrCCiOp/iJUAvOxzCTF
-r27HVf+ZVkFikYllNB0IJB/tNlxj4cOkAXRwLZtN2a7gELTQm9XG5APErq15JK06
-Du+Xy8Mq
+cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBgaZ0iplVJvoBr
+mHfBzfZWyINItsauI3uKCBmc7pVau64yJk0KaM+1WkrgTjmUp1cRNFVTLPjlZ0oA
+xNKJpyQGNNCnqQHYl2xA54uZRlBgte7HsZCiqkhiE0wpBYdr/fSNiC71BOb/1pY2
+Iv9/kWZaUeFjK9/2Z04a0qqPmfv48c8XQQV/HyTKnnNtOvCKKZvwh4oTABTaLci0
+bYZt1tHGFOE1DHN6jrO1S3RmBDYNHcLp9MVhGP/M1HRz3b1M8sw+D5u9E0rdKtDM
+f54j4TL75mlMbSIWmwt6nCCkXpnW3olrn/HlWq7yN9oSXUUPkE3ftSUpqWLJCtVw
+e1rSnzvb
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
diff --git a/certs/public/mx2.fripost.org.pem b/certs/public/mx2.fripost.org.pem
index c743fa5..2080ee5 100644
--- a/certs/public/mx2.fripost.org.pem
+++ b/certs/public/mx2.fripost.org.pem
@@ -16,20 +16,47 @@ YCIJyIHEDGR3N3kN6QLGcIHjqchbehOENj0xTxjgdEU7LPIb3ikeudppRLmYXzaD
a+ucAozbljBHv7LjyDICaLtaC29lTkWgZA7tCcE2DwxK+FxgDlqUyucTBCz+ajjx
1VZXhzoJZFczAgMBAAGjggIQMIICDDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBAM
Y9xCJ+RcfJU9bEr7qoSjmrsHMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/z
qOyhMHAGCCsGAQUFBwEBBGQwYjAvBggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50
LXgxLmxldHNlbmNyeXB0Lm9yZy8wLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0Lmlu
dC14MS5sZXRzZW5jcnlwdC5vcmcvMBoGA1UdEQQTMBGCD214Mi5mcmlwb3N0Lm9y
ZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYI
KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcC
AjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24g
YnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0
aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5
cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBs4Iq51S5xR94h
SzKhlt7fdCgP1YdjWB1kjWTC9xL7Iii22E4n3YipH96wKHBMxnS3cZsCLHZ8VdHe
KXr1kTw4AH7Jx+KCzj2ztjD/z6t6wb1IZZTpHFMJKZVf67Y+Bb9W/mpQww1Yq8IU
x+90BDLE9OiNGjPe/a7uTrCi/FJ8ESCHcX+0yiDXMDP/1Kdy0XPUle+gAqJUUM1R
09O8f3hwwIhVXcP0DA8UR0un5/usFttereY9OQX46iK4ckrfAhvNpjqqfMVzW1nu
H0XPnh3lr4k8L/jJeK8tNa3QVnVxPGV5ZDotqQrZKG47nEZgNcXPxxe6otjneZXR
LQFrwFiZ
-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
diff --git a/certs/public/smtp.fripost.org.pem b/certs/public/smtp.fripost.org.pem
index 81a1325..269f4b5 100644
--- a/certs/public/smtp.fripost.org.pem
+++ b/certs/public/smtp.fripost.org.pem
@@ -1,35 +1,62 @@
-----BEGIN CERTIFICATE-----
-MIIGBDCCBOygAwIBAgISAT/ZlANJISFHRihAoZ7zCz9AMA0GCSqGSIb3DQEBCwUA
+MIIGBDCCBOygAwIBAgISAflSQ5zfHu04ZufVd2qw+vHMMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMTYwMDU3MDBaFw0x
-NjAzMTUwMDU3MDBaMBsxGTAXBgNVBAMTEHNtdHAuZnJpcG9zdC5vcmcwggIiMA0G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-cnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAEvepC7eMCHI
-2yHZx3lSg8KJluZxsW0XlCL6BDupcMKxXQ2DAvhd/d+pnxKQVQ+40Y4NUZGTz1w/
-tZA9lKQn14aQ6o31UKuRSm+FB7zCeLBm3uqxevk8NOcrt1kxvdjul5xYv6t5tLpZ
-Dqk0sM+Lg1/qgTj1IuEQ4rc0RUqoCr2WG0HOW0a8tqWOBDKZDja8r82AhjgT7c21
-2Iz2ItsavlgsW6Gx8OX0gRmoaS3AQ+8dcg99uhajkd5ixkJF09zuqa5Rd87sAjmN
-fmqU/Ok3VUZr1DSrnBc2lt+vhCB8Sn9FcS6BDO3eGy4P8Gy6fES51Bb9MgB6bXOr
-TB5QdMpaRG8=
+cnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAGaoBeW0LSkH
+slGZ5nfB6G7ElqQH1Mue9X8IunFmFuOyRn2ceY6/hn2dwniP+jb6oEk3i68zURW4
+jrh9eJJ6+7al9wZEr5jtnQjZCd8+clArBHRBb1y7dmxqcg4lihh27yzH4W51Fv/e
+pxIx709PT0MyRSsOQ4C6qiM5F0bCL2qiOHMA/jy/LA9pbyjmuc+K+9hJKT/EZcOh
+JQ+0xSy9/HHVvaFsoMgLkUn0147Glrqm8RxwyeSVOf/BFcE4KeirfQewa4pRYRD3
+8e15+JLbfJsOEIhT7LVoFFIwaAU4zAHJgl4/JTjKpFQsyuvyuTCHnMPhoc9fS/tv
+Gcwciaov6NE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
diff --git a/common.yml b/common.yml
index cdf4372..2a062ee 100644
--- a/common.yml
+++ b/common.yml
@@ -1,58 +1,39 @@
---
# XXX: This organization is unfortunate. As of Ansible 1.4, roles are
# applied playbook by playbook and not globally for the whole inventory;
# therefore if two playbooks are given the role 'common', the tasks
# defined in 'common' would be run twice.
# The quickfix to ensure that plays are role-disjoint is to create a
# separate play for each role. Of course the downside is that we loose
# (most of) the advantage of roles...
- name: Common tasks
hosts: all
roles:
- common
-- name: Base system
+- name: Let's Encrypt
hosts: IMAP:MX:MSA:webmail:lists:wiki:git
gather_facts: False
- tasks:
- - name: Install dependencies for letsencrypt-tiny
- apt: pkg={{ item }}
- with_items:
- - liblwp-protocol-https-perl
- - socat
- - name: Copy LetsEncrypt's ACME client
- copy: src=deb/letsencrypt-tiny_0.1-1_all.deb
- dest=/tmp
- notify: Install LetsEncrypt's ACME client
- - name: Create a user 'letsencrypt'
- user: name=letsencrypt system=yes
- group=nogroup
- createhome=no
- home=/nonexistent
- shell=/usr/sbin/nologin
- password=!
- state=present
- handlers:
- - name: Install LetsEncrypt's ACME client
- apt: deb=/tmp/letsencrypt-tiny_0.1-1_all.deb
+ roles:
+ - letsencrypt
tags:
- letsencrypt
- name: Common SQL tasks
hosts: MDA:webmail:lists:bacula-dir
gather_facts: False
tags: mysql,sql
roles:
- common-SQL
- name: Common LDAP tasks
hosts: MDA:MSA:LDAP-provider:MX
gather_facts: True
tags: slapd,ldap
roles:
- common-LDAP
- name: Configure the LDAP provider
hosts: LDAP-provider
gather_facts: False
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index 114388e..dc0b5bf 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -1,32 +1,32 @@
##
## SSL settings
##
# SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
ssl = required
# PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
# dropping root privileges, so keep the key file unreadable by anyone but
# root. Included doc/mkcert.sh can be used to easily generate self-signed
# certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/dovecot/ssl/imap.fripost.org.chained.pem
+ssl_cert = </etc/dovecot/ssl/imap.fripost.org.pem
ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
# If key file is password protected, give the password here. Alternatively
# give it when starting dovecot with -p parameter. Since this file is often
# world-readable, you may want to place this setting instead to a different
# root owned 0600 file by using ssl_key_password = <path.
#ssl_key_password =
# PEM encoded trusted certificate authority. Set this only if you intend to use
# ssl_verify_client_cert=yes. The file should contain the CA certificate(s)
# followed by the matching CRL(s). (e.g. ssl_ca = </etc/ssl/certs/ca.pem)
#ssl_ca =
# Require that CRL check succeeds for client certificates.
#ssl_require_crl = yes
# Directory and/or file for trusted SSL CA certificates. These are used only
# when Dovecot needs to act as an SSL client (e.g. imapc backend). The
# directory is usually /etc/ssl/certs in Debian-based systems and the file is
# /etc/pki/tls/cert.pem in RedHat-based systems.
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index caba881..24b83c6 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -58,41 +58,41 @@ smtp_data_done_timeout = 1200s
# Anonymize the (authenticated) sender; pass the mail to the antivirus
header_checks = pcre:$config_directory/anonymize_sender.pcre
#content_filter = amavisfeed:unix:public/amavisfeed-antivirus
# TLS
{% if 'out' in group_names %}
smtp_tls_security_level = none
smtp_bind_address = 127.0.0.1
{% else %}
smtp_tls_security_level = encrypt
smtp_tls_cert_file = /etc/postfix/ssl/{{ ansible_fqdn }}.pem
smtp_tls_key_file = /etc/postfix/ssl/{{ ansible_fqdn }}.key
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_policy_maps = cdb:/etc/postfix/tls_policy
smtp_tls_fingerprint_digest = sha256
{% endif %}
smtpd_tls_security_level = encrypt
-smtpd_tls_cert_file = /etc/postfix/ssl/smtp.fripost.org.chained.pem
+smtpd_tls_cert_file = /etc/postfix/ssl/smtp.fripost.org.pem
smtpd_tls_key_file = /etc/postfix/ssl/smtp.fripost.org.key
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_local_domain =
smtpd_sasl_exceptions_networks = $mynetworks
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = unix:private/dovecot-auth
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 0259538..a9e7ee4 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -76,41 +76,41 @@ smtp_send_xforward_command = yes
smtp_destination_recipient_limit = 1000
reserved-alias_destination_recipient_limit = 1
# Tolerate occasional high latency
smtp_data_done_timeout = 1200s
{% if 'out' in group_names %}
smtp_tls_security_level = none
smtp_bind_address = 127.0.0.1
{% else %}
smtp_tls_security_level = encrypt
smtp_tls_cert_file = /etc/postfix/ssl/{{ ansible_fqdn }}.pem
smtp_tls_key_file = /etc/postfix/ssl/{{ ansible_fqdn }}.key
smtp_tls_session_cache_database = btree:$data_directory/smtp_tls_session_cache
smtp_tls_policy_maps = cdb:/etc/postfix/tls_policy
smtp_tls_fingerprint_digest = sha256
{% endif %}
smtpd_tls_security_level = may
smtpd_tls_exclude_ciphers = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
-smtpd_tls_cert_file = /etc/postfix/ssl/mx.fripost.org.chained.pem
+smtpd_tls_cert_file = /etc/postfix/ssl/mx.fripost.org.pem
smtpd_tls_key_file = /etc/postfix/ssl/mx.fripost.org.key
smtpd_tls_dh1024_param_file = /etc/ssl/private/dhparams.pem
smtpd_tls_CApath = /etc/ssl/certs/
smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
smtpd_tls_received_header = yes
smtpd_tls_ask_ccert = yes
# http://en.linuxreviews.org/HOWTO_Stop_spam_using_Postfix
# http://www.howtoforge.com/block_spam_at_mta_level_postfix
strict_rfc821_envelopes = yes
smtpd_delay_reject = yes
disable_vrfy_command = yes
# UCE control
invalid_hostname_reject_code = 554
multi_recipient_bounce_reject_code = 554
non_fqdn_reject_code = 554
relay_domains_reject_code = 554
diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git
index afb5fca..a78ef3f 100644
--- a/roles/git/files/etc/nginx/sites-available/git
+++ b/roles/git/files/etc/nginx/sites-available/git
@@ -5,41 +5,41 @@ server {
server_name git.fripost.org;
include snippets/acme-challenge.conf;
access_log /var/log/nginx/git.access.log;
error_log /var/log/nginx/git.error.log info;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443;
listen [::]:443;
server_name git.fripost.org;
include snippets/ssl.conf;
- ssl_certificate /etc/nginx/ssl/git.fripost.org.chained.pem;
+ ssl_certificate /etc/nginx/ssl/git.fripost.org.pem;
ssl_certificate_key /etc/nginx/ssl/git.fripost.org.key;
access_log /var/log/nginx/git.access.log;
error_log /var/log/nginx/git.error.log info;
location ^~ /static/ {
alias /usr/share/cgit/;
expires 30d;
}
# Bypass the CGI to return static files stored on disk. Try first repo with
# a trailing '.git', then without.
location ~* "^/((?U)[^/]+)(?:\.git)?/objects/(?:[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(?:pack|idx))$" {
root /var/lib/gitolite/repositories;
try_files /$1.git/objects/$2 /$1/objects/$2 =404;
expires 30d;
gzip off;
# TODO honor git-daemon-export-ok
}
diff --git a/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf b/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf
new file mode 100644
index 0000000..fb19d2a
--- /dev/null
+++ b/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf
@@ -0,0 +1,86 @@
+# For certificate issuance (new-cert command), specify the certificate
+# configuration file to use
+#
+#config-certs = config/letsencrypt-certs.conf
+
+[client]
+# The value of "socket" specifies the letsencrypt-accountd(1)
+# UNIX-domain socket to connect to for signature requests from the ACME
+# client. letsencrypt aborts if the socket is readable or writable by
+# other users, or if its parent directory is writable by other users.
+# Default: "$XDG_RUNTIME_DIR/S.letsencrypt" if the XDG_RUNTIME_DIR
+# environment variable is set.
+#
+#socket = /run/user/1000/S.letsencrypt
+
+# username to drop privileges to (setting both effective and real uid).
+# Preserve root privileges if the value is empty (not recommended).
+# Default: "nobody".
+#
+user = letsencrypt
+
+# groupname to drop privileges to (setting both effective and real gid,
+# and also setting the list of supplementary gids to that single group).
+# Preserve root privileges if the value is empty (not recommended).
+#
+group = nogroup
+
+# Path to the ACME client executable.
+#command = /usr/lib/letsencrypt-tiny/client
+
+# Root URI of the ACME server. NOTE: Use the staging server for testing
+# as it has relaxed ratelimit.
+#
+#server = https://acme-v01.api.letsencrypt.org/
+#server = https://acme-staging.api.letsencrypt.org/
+
+# Timeout in seconds after which the client stops polling the ACME
+# server and considers the request failed.
+#
+#timeout = 10
+
+# Whether to verify the server certificate chain.
+SSL_verify = yes
+
+# Specify the version of the SSL protocol used to transmit data.
+SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2
+
+# Specify the cipher list for the connection.
+SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
+
+
+[webserver]
+
+# Specify the local address to listen on, in the form ADDRESS[:PORT].
+#
+#listen = 0.0.0.0:80
+#listen = [::]:80
+
+# If a webserver is already running, specify a non-existent directory
+# under which the webserver is configured to serve GET requests for
+# challenge files under "/.well-known/acme-challenge/" (for each virtual
+# hosts requiring authorization) as static files.
+#
+challenge-directory = /var/www/acme-challenge
+
+# username to drop privileges to (setting both effective and real uid).
+# Preserve root privileges if the value is empty (not recommended).
+#
+user = www-data
+
+# groupname to drop privileges to (setting both effective and real gid,
+# and also setting the list of supplementary gids to that single group).
+# Preserve root privileges if the value is empty (not recommended).
+#
+user = www-data
+
+# Path to the ACME webserver executable.
+#command = /usr/lib/letsencrypt-tiny/webserver
+
+# Whether to automatically install iptables(1) rules to open the
+# ADDRESS[:PORT] specified with listen. Theses rules are automatically
+# removed once letsencrypt exits.
+#
+#iptables = Yes
+
+; vim:ft=dosini
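Review bot: In the `[webserver]` section, the key under the "groupname to drop privileges to" comment is a second `user = www-data`, so no `group` is set for the webserver component. The line should read `group = www-data`, mirroring the `user`/`group` pair in `[client]`. How the parser handles the repeated key is not visible in this commit, but the group presumably falls back to the program's default. The file's own comment warns that an empty value preserves root privileges, so the group should be set explicitly rather than left to that default.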
diff --git a/roles/letsencrypt/handlers/main.yml b/roles/letsencrypt/handlers/main.yml
new file mode 100644
index 0000000..d9eed44
--- /dev/null
+++ b/roles/letsencrypt/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: Install LetsEncrypt's ACME client
+ apt: deb=/tmp/letsencrypt-tiny_0.1-1_all.deb
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
new file mode 100644
index 0000000..c7ef7ef
--- /dev/null
+++ b/roles/letsencrypt/tasks/main.yml
@@ -0,0 +1,37 @@
+- name: Install dependencies for letsencrypt-tiny
+ apt: pkg={{ item }}
+ with_items:
+ - libjson-perl
+ - libjson-xs-perl
+ - libconfig-tiny-perl
+ - libwww-perl
+ - liblwp-protocol-https-perl
+ - libnet-ssleay-perl
+
+- name: Copy LetsEncrypt's ACME client
+ copy: src=deb/letsencrypt-tiny_0.1-1_all.deb
+ dest=/tmp
+ notify: Install LetsEncrypt's ACME client
+
+- meta: flush_handlers
+
+- name: Create a user 'letsencrypt'
+ user: name=letsencrypt system=yes
+ group=nogroup
+ createhome=no
+ home=/nonexistent
+ shell=/usr/sbin/nologin
+ password=!
+ state=present
+
+- name: Copy letsencrypt-tiny/letsencrypt-certs.conf
+ copy: src=etc/letsencrypt-tiny/letsencrypt.conf
+ dest=/etc/letsencrypt-tiny/letsencrypt.conf
+ owner=root group=root
+ mode=0644
+
+- name: Copy letsencrypt-tiny/letsencrypt-certs.conf
+ template: src=etc/letsencrypt-tiny/letsencrypt-certs.conf.j2
+ dest=/etc/letsencrypt-tiny/letsencrypt-certs.conf
+ owner=root group=root
+ mode=0644
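Review bot: The first of the two final tasks is named `Copy letsencrypt-tiny/letsencrypt-certs.conf` but copies `letsencrypt.conf`, so both tasks appear under the same name in playbook output and logs; rename it to `- name: Copy letsencrypt-tiny/letsencrypt.conf`. Separately, the package is installed only by the handler that the copy to /tmp notifies. A host where the .deb is still in /tmp but the package is absent would therefore not get it installed, so checking the installed state directly would be more robust. The .deb is also installed as a local file, which means its integrity rests entirely on the copy kept in this repository rather than on a signed apt archive.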
diff --git a/roles/letsencrypt/templates/etc/letsencrypt-tiny/letsencrypt-certs.conf.j2 b/roles/letsencrypt/templates/etc/letsencrypt-tiny/letsencrypt-certs.conf.j2
new file mode 100644
index 0000000..fef5c62
--- /dev/null
+++ b/roles/letsencrypt/templates/etc/letsencrypt-tiny/letsencrypt-certs.conf.j2
@@ -0,0 +1,63 @@
+hash = sha512
+keyusage = digitalSignature, keyEncipherment
+
+{% if 'IMAP' in group_names %}
+[imap]
+certificate-key = /etc/dovecot/ssl/imap.fripost.org.key
+certificate-chain = /etc/dovecot/ssl/imap.fripost.org.pem
+subject = /O=Fripost/CN=imap.fripost.org
+subjectAltName = DNS:imap.fripost.org,DNS:sieve.fripost.org
+notify = /bin/systemctl restart dovecot
+{% endif %}
+
+{% if 'MSA' in group_names %}
+[smtp]
+certificate-key = /etc/postfix/ssl/smtp.fripost.org.key
+certificate-chain = /etc/postfix/ssl/smtp.fripost.org.pem
+subject = /O=Fripost/CN=smtp.fripost.org
+notify = /bin/systemctl restart postfix
+{% endif %}
+
+{% if 'MX' in group_names %}
+[mx]
+certificate-key = /etc/postfix/ssl/mx.fripost.org.key
+certificate-chain = /etc/postfix/ssl/mx.fripost.org.pem
+subject = /O=Fripost/CN=mx{{ mxno }}.fripost.org
+notify = /bin/systemctl restart postfix
+{% endif %}
+
+{% if 'lists' in group_names %}
+[lists]
+certificate-key = /etc/nginx/ssl/lists.fripost.org.key
+certificate-chain = /etc/nginx/ssl/lists.fripost.org.pem
+subject = /O=Fripost/CN=lists.fripost.org
+notify = /bin/systemctl restart nginx
+{% endif %}
+
+{% if 'wiki' in group_names %}
+[www]
+certificate-key = /etc/nginx/ssl/www.fripost.org.key
+certificate-chain = /etc/nginx/ssl/www.fripost.org.pem
+subject = /O=Fripost/CN=fripost.org
+subjectAltName = DNS:fripost.org,DNS:www.fripost.org,DNS:wiki.fripost.org
+notify = /bin/systemctl restart nginx
+{% endif %}
+
+{% if 'webmail' in group_names %}
+[webmail]
+certificate-key = /etc/nginx/ssl/mail.fripost.org.key
+certificate-chain = /etc/nginx/ssl/mail.fripost.org.pem
+subject = /O=Fripost/CN=mail.fripost.org
+subjectAltName = DNS:mail.fripost.org,DNS:webmail.fripost.org
+notify = /bin/systemctl restart nginx
+{% endif %}
+
+{% if 'git' in group_names %}
+[git]
+certificate-key = /etc/nginx/ssl/git.fripost.org.key
+certificate-chain = /etc/nginx/ssl/git.fripost.org.pem
+subject = /O=Fripost/CN=git.fripost.org
+notify = /bin/systemctl restart nginx
+{% endif %}
+
+; vim:ft=dosini
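Review bot: Every section's `notify` runs a full `systemctl restart`, which drops established IMAP, SMTP and HTTPS sessions each time a certificate is renewed. A reload should be enough for these daemons to pick up the new chain, e.g. `notify = /bin/systemctl reload nginx`. The template also says nothing about the `certificate-key` files, and as far as this commit shows, no task in the role creates them or sets their mode. A header comment such as `# certificate-key files must already exist, owned by root and unreadable by others` would make that precondition explicit.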
diff --git a/roles/lists/files/etc/nginx/sites-available/sympa b/roles/lists/files/etc/nginx/sites-available/sympa
index 5e469fa..bcf1d22 100644
--- a/roles/lists/files/etc/nginx/sites-available/sympa
+++ b/roles/lists/files/etc/nginx/sites-available/sympa
@@ -8,41 +8,41 @@ server {
access_log /var/log/nginx/lists.access.log;
error_log /var/log/nginx/lists.error.log info;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443;
listen [::]:443;
server_name lists.fripost.org;
access_log /var/log/nginx/lists.access.log;
error_log /var/log/nginx/lists.error.log info;
include snippets/ssl.conf;
- ssl_certificate /etc/nginx/ssl/lists.fripost.org.chained.pem;
+ ssl_certificate /etc/nginx/ssl/lists.fripost.org.pem;
ssl_certificate_key /etc/nginx/ssl/lists.fripost.org.key;
location = / {
return 302 /sympa$args;
}
location ^~ /static-sympa/ {
alias /var/lib/sympa/static_content/;
expires 30d;
}
location ^~ /sympa {
fastcgi_split_path_info ^(/sympa)(.*)$;
include snippets/fastcgi.conf;
fastcgi_pass unix:/run/wwsympa.socket;
gzip off;
}
location ~* ^/([^/]+)/?$ {
diff --git a/roles/webmail/files/etc/nginx/sites-available/roundcube b/roles/webmail/files/etc/nginx/sites-available/roundcube
index df10be9..304b05d 100644
--- a/roles/webmail/files/etc/nginx/sites-available/roundcube
+++ b/roles/webmail/files/etc/nginx/sites-available/roundcube
@@ -10,41 +10,41 @@ server {
access_log /var/log/nginx/roundcube.access.log;
error_log /var/log/nginx/roundcube.error.log info;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443;
listen [::]:443;
server_name mail.fripost.org;
server_name webmail.fripost.org;
root /var/lib/roundcube;
include snippets/ssl.conf;
- ssl_certificate /etc/nginx/ssl/mail.fripost.org.chained.pem;
+ ssl_certificate /etc/nginx/ssl/mail.fripost.org.pem;
ssl_certificate_key /etc/nginx/ssl/mail.fripost.org.key;
location = /favicon.ico {
root /usr/share/roundcube/skins/default/images;
log_not_found off;
access_log off;
expires max;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Deny all attempts to access hidden files, or files under hidden
# directories.
location ~ /\. { return 404; }
access_log /var/log/nginx/roundcube.access.log;
diff --git a/roles/wiki/files/etc/nginx/sites-available/website b/roles/wiki/files/etc/nginx/sites-available/website
index 2519286..5d382ec 100644
--- a/roles/wiki/files/etc/nginx/sites-available/website
+++ b/roles/wiki/files/etc/nginx/sites-available/website
@@ -7,41 +7,41 @@ server {
include snippets/acme-challenge.conf;
access_log /var/log/nginx/www.access.log;
error_log /var/log/nginx/www.error.log info;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443;
listen [::]:443;
server_name fripost.org;
server_name www.fripost.org;
include snippets/ssl.conf;
- ssl_certificate /etc/nginx/ssl/www.fripost.org.chained.pem;
+ ssl_certificate /etc/nginx/ssl/www.fripost.org.pem;
ssl_certificate_key /etc/nginx/ssl/www.fripost.org.key;
access_log /var/log/nginx/www.access.log;
error_log /var/log/nginx/www.error.log info;
location / {
try_files $uri $uri/ =404;
index index.html;
root /var/lib/ikiwiki/public_html/fripost-wiki/website;
}
location /static/ {
alias /var/lib/ikiwiki/public_html/fripost-wiki/static/;
expires 30d;
}
location /material/ {
alias /var/www/fripost.org/material/;
expires 30d;
}
location /minutes/ {
alias /var/www/fripost.org/minutes/;
diff --git a/roles/wiki/files/etc/nginx/sites-available/wiki b/roles/wiki/files/etc/nginx/sites-available/wiki
index 2855e07..d61ff28 100644
--- a/roles/wiki/files/etc/nginx/sites-available/wiki
+++ b/roles/wiki/files/etc/nginx/sites-available/wiki
@@ -6,41 +6,41 @@ server {
include snippets/acme-challenge.conf;
access_log /var/log/nginx/wiki.access.log;
error_log /var/log/nginx/wiki.error.log info;
location / {
location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; }
return 301 https://$host$request_uri;
}
}
server {
listen 443;
listen [::]:443;
server_name wiki.fripost.org;
include snippets/ssl.conf;
- ssl_certificate /etc/nginx/ssl/www.fripost.org.chained.pem;
+ ssl_certificate /etc/nginx/ssl/www.fripost.org.pem;
ssl_certificate_key /etc/nginx/ssl/www.fripost.org.key;
access_log /var/log/nginx/wiki.access.log;
error_log /var/log/nginx/wiki.error.log info;
location / {
location ~ ^/website(/.*)?$ { return 302 $scheme://fripost.org$1; }
try_files $uri $uri/ =404;
index index.html;
root /var/lib/ikiwiki/public_html/fripost-wiki;
}
location = /ikiwiki.cgi {
fastcgi_param DOCUMENT_ROOT /var/lib/ikiwiki/public_html/fripost-wiki;
fastcgi_param SCRIPT_FILENAME /var/lib/ikiwiki/public_html/ikiwiki.cgi;
fastcgi_index ikiwiki.cgi;
include snippets/fastcgi.conf;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
gzip off;
}