summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-06-15 18:08:48 +0200
committerGuilhem Moulin <guilhem@fripost.org>2016-06-15 18:13:09 +0200
commit02d4a5892bb3019d448c453ad279788fcd3f1531 (patch)
treef8e023267ac8af5cab8aa5413c52c37c6d9257af
parent97e78349145156ca6565ee5b2af54983a6fdd3a6 (diff)
certs/public: fetch each cert's pubkey (SPKI), not the cert itself.
To avoid new commits upon cert renewal.
-rwxr-xr-xcerts/gencerts.sh10
-rw-r--r--certs/public/fripost.org.pem49
-rw-r--r--certs/public/git.fripost.org.pem49
-rw-r--r--certs/public/imap.fripost.org.pem49
-rw-r--r--certs/public/lists.fripost.org.pem49
-rw-r--r--certs/public/mail.fripost.org.pem49
-rw-r--r--certs/public/mx1.fripost.org.pem49
-rw-r--r--certs/public/mx2.fripost.org.pem49
-rw-r--r--certs/public/smtp.fripost.org.pem49
-rw-r--r--roles/IMAP/tasks/imap.yml2
-rw-r--r--roles/MSA/tasks/main.yml2
-rw-r--r--roles/MX/tasks/main.yml2
-rw-r--r--roles/git/tasks/cgit.yml2
-rw-r--r--roles/lists/tasks/nginx.yml2
-rw-r--r--roles/webmail/tasks/roundcube.yml2
-rw-r--r--roles/wiki/tasks/main.yml2
16 files changed, 124 insertions, 292 deletions
diff --git a/certs/gencerts.sh b/certs/gencerts.sh
index b1f56c2..81a27fc 100755
--- a/certs/gencerts.sh
+++ b/certs/gencerts.sh
@@ -21,7 +21,7 @@ x509fpr() {
local msg="$1" host cert h spki
host="${msg%%,*}"; host="${host%% *}"; host="${host#\`}"
cert="$DIR/${host%%:*}.pem"
- spki=$(openssl x509 -noout -pubkey<"$cert" | openssl pkey -pubin -outform DER | openssl dgst -sha1 | sed -nr 's/^[^=]+=\s*//p')
+ spki=$(openssl pkey -pubin -outform DER <"$cert" | openssl dgst -sha1 | sed -nr 's/^[^=]+=\s*//p')
[ "$typ" = mdwn ] && printf '\n [%s](https://crt.sh/?spkisha1=%s&iCAID=16418)\n\n' "$msg" "$spki" \
|| printf ' %s\n X.509: https://crt.sh/?spkisha1=%s&iCAID=16418\n SPKI:\n' \
"$( echo "$msg" | tr -d '`' )" "$spki"
@@ -29,7 +29,7 @@ x509fpr() {
[ "$typ" = mdwn ] || echo -n ' '
echo -n "$h" | tr '[a-z]' '[A-Z]'
for i in $(seq 1 $((7 - ${#h}))); do echo -n ' '; done
- openssl x509 -noout -pubkey<"$cert" | openssl pkey -pubin -outform DER | openssl dgst -"$h" -c | sed -nr 's/^[^=]+=\s*//p'
+ openssl pkey -pubin -outform DER <"$cert" | openssl dgst -"$h" -c | sed -nr 's/^[^=]+=\s*//p'
done | sed -r "s/(\S+)(.*)/$indent\1\U\2/"
}
@@ -109,7 +109,7 @@ view all issued Let's Encrypt certificates at crt.sh:
https://crt.sh/?Identity=%25fripost.org&iCAID=16418
-Our X.509 certificates are also available in PEM format at:
+The SPKI of our X.509 certificates are also available in PEM format at:
$VCS_BROWSER/tree/certs/public ,
@@ -138,8 +138,8 @@ Authority](https://letsencrypt.org), and are submitted to [Certificate
Transparency logs](https://www.certificate-transparency.org).
You can view all issued Let's Encrypt certificates at
[crt.sh](https://crt.sh/?Identity=%25fripost.org&iCAID=16418).
-Our X.509 certificates are also available in PEM format under our
-[Git repository]($VCS_BROWSER/tree/certs/public),
+The SPKI of our X.509 certificates are also available in PEM format
+under our [Git repository]($VCS_BROWSER/tree/certs/public),
from which this fingerprint list was [generated]($VCS_BROWSER/tree/certs/gencerts.sh), at
$(git --no-pager --git-dir="$DIR/../../.git" --work-tree="$DIR" log -1 --pretty=format:"[Commit ID %h from %aD]($VCS_BROWSER/tree/certs/public?id=%H)" -- "$DIR").
diff --git a/certs/public/fripost.org.pem b/certs/public/fripost.org.pem
index 19aff7b..48298e0 100644
--- a/certs/public/fripost.org.pem
+++ b/certs/public/fripost.org.pem
@@ -1,35 +1,14 @@
------BEGIN CERTIFICATE-----
-MIIGHTCCBQWgAwIBAgISA8TJDGMExy2Ixic0gI7OIpJpMA0GCSqGSIb3DQEBCwUA
-MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjAzMjcxNjEyMDBaFw0x
-NjA2MjUxNjEyMDBaMBYxFDASBgNVBAMTC2ZyaXBvc3Qub3JnMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEA40NtrjEbAPdCAliRNgd+6DgwGDGe0eOwyIWu
-nhwWQ3qOz+6zmSVqW4KhbPW5ISipA82SKw97Gu9g6nSRWTHMkry4SzSpis99eQ7x
-QA8TpLm+g9MzH8CJKs3ea8N2Xqc6EqpnaNmCSo07+0oki2r5LRAwANChLOFuRvRI
-Mg4bckDcJ5WGR7n+E8NllZI9ntjeFk9uqNcnXkCU1j5kCG9P5MdRm3mgSHCCZN2o
-3JcBFx2Na6QWLRiCHA0JY2xi/MNewdk2LRAYHxT/4HHXNCJ0zBKYNZYDbAVLIOhd
-5Nb8ZrgNwG+Tz3gdgeCM3P2FEVNaufOh8YgxzCXigbogVLDqzTdVOi1I7ERUCOsG
-jh8kN+Nbte1hHLPFuVCQNhiaIaKFM+IYUaMWPoLxN9knHWcVUMwdwuKg9lLVnGvF
-nV+SZcqtekIZ4L6Ekw/tQtjxEKpm7AWYIgYCt+K6XAs4nzjFpAvGbgzqZE3jWtjg
-twpkc+UsPL9YNwwJwMnwGZfLeM3lDeJo7U1OYOf0MV65H5JRM0wduqvpnCm8Ft0i
-7OhEzOi7/wBtWU0TnyZNYz6wOZ0nMAvqjHDJ+NmE4nWoBQHY+hDD1x+pAtKNy2jn
-nfjd6N2ToUEdfIBiNOT37uinMwDq3Y+BCK0hUEyOCE8MKx82v2aysgc2sLHNKlsO
-zBScg0UCAwEAAaOCAi8wggIrMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggr
-BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUHZY9GB30
-kxEIRKVLzdyDVL4FPycwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEw
-cAYIKwYBBQUHAQEEZDBiMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5pbnQteDMu
-bGV0c2VuY3J5cHQub3JnLzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQuaW50LXgz
-LmxldHNlbmNyeXB0Lm9yZy8wOQYDVR0RBDIwMIILZnJpcG9zdC5vcmeCEHdpa2ku
-ZnJpcG9zdC5vcmeCD3d3dy5mcmlwb3N0Lm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeB
-DAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMu
-bGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNh
-dGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFu
-ZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5
-IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0G
-CSqGSIb3DQEBCwUAA4IBAQCZ9zyo73lykgPOjqqn72mSfo2wiVNj9sH/VCEStRlJ
-FfFrbeRk4BKWDbe/5aHG++FX9ondyT6xQkJcr4UsIdtx0ixl3lgbBA2tlxMR2YID
-8ItYAtp97tz/meh3fqCNMVmPril1t2P1pa035EUts1Lm3N/AaQwkZB4mm7JrnFnc
-0P4ZtshQqErFbb6Q5qVY92IKSq846QQUPjX6luF4afTAluqG4xPyWJvSUPZ5GHdi
-QBm7A3189oJ+lqTp78IDChaYGJBk3PjwG0ubBOabttAMPlfzmFzwi+Cbcd9ntFXn
-8Pq4ah1p/mB+FZx3020oW4O10ky7+R8m6BS4Qnfllr0V
------END CERTIFICATE-----
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA40NtrjEbAPdCAliRNgd+
+6DgwGDGe0eOwyIWunhwWQ3qOz+6zmSVqW4KhbPW5ISipA82SKw97Gu9g6nSRWTHM
+kry4SzSpis99eQ7xQA8TpLm+g9MzH8CJKs3ea8N2Xqc6EqpnaNmCSo07+0oki2r5
+LRAwANChLOFuRvRIMg4bckDcJ5WGR7n+E8NllZI9ntjeFk9uqNcnXkCU1j5kCG9P
+5MdRm3mgSHCCZN2o3JcBFx2Na6QWLRiCHA0JY2xi/MNewdk2LRAYHxT/4HHXNCJ0
+zBKYNZYDbAVLIOhd5Nb8ZrgNwG+Tz3gdgeCM3P2FEVNaufOh8YgxzCXigbogVLDq
+zTdVOi1I7ERUCOsGjh8kN+Nbte1hHLPFuVCQNhiaIaKFM+IYUaMWPoLxN9knHWcV
+UMwdwuKg9lLVnGvFnV+SZcqtekIZ4L6Ekw/tQtjxEKpm7AWYIgYCt+K6XAs4nzjF
+pAvGbgzqZE3jWtjgtwpkc+UsPL9YNwwJwMnwGZfLeM3lDeJo7U1OYOf0MV65H5JR
+M0wduqvpnCm8Ft0i7OhEzOi7/wBtWU0TnyZNYz6wOZ0nMAvqjHDJ+NmE4nWoBQHY
++hDD1x+pAtKNy2jnnfjd6N2ToUEdfIBiNOT37uinMwDq3Y+BCK0hUEyOCE8MKx82
+v2aysgc2sLHNKlsOzBScg0UCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/public/git.fripost.org.pem b/certs/public/git.fripost.org.pem
index b586a50..289261a 100644
--- a/certs/public/git.fripost.org.pem
+++ b/certs/public/git.fripost.org.pem
@@ -1,35 +1,14 @@
------BEGIN CERTIFICATE-----
-MIIGAjCCBOqgAwIBAgISA9/Ky82y+J83TF6dRd+6Z4Q0MA0GCSqGSIb3DQEBCwUA
-MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjAzMjcxNjEyMDBaFw0x
-NjA2MjUxNjEyMDBaMBoxGDAWBgNVBAMTD2dpdC5mcmlwb3N0Lm9yZzCCAiIwDQYJ
-KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKZhfyFvQMwMR4fRPBDKsyIkSe7M5wnx
-4IZ0yoJLEU0xq84K+SRQ1l/d2nrnoXQ4QKZj1/Ld9tF0nv3OrmDVvoIjalVCNn2g
-/XBW0e41KdHybhim3hYYB5WajEswGQB8UUgUrCtLoVFhzv9YfrPLVEgMl94GFm0B
-Ju+hasccQrpqD9G5Zzy39VNXaubORUrGXAhpv3yxzaT+WPcvu4kSOqTNcIchujNg
-oIuzp8wtBFSoRfU138tZpLAu+5XK73klb50sDu1/PsL6XnfjDgSGhdhEpkKrf5tS
-3dItAWvJLm9iLAdfLYRye3bgnGkTTiFr6HXiWEbFEb+SccrPtu7nSQEOwjQAIgM+
-eyDuBQE8/z9TN4xutCQOnR4FMysfGUt+Qfd7IZ35Sh1NKcUzN2LHNw1oY06wOMyh
-OYqKztIn/rLjOy+O6sphjy5mn2T4CzQHsqwvXbBHMqnx2uGOLJs2bAbWPfTkmggv
-20lfvnao/L73/RdG9oXqMCErPgVekh90RdpI5BpiPU5cgoNnSgGc6bw3O31CItgT
-dugAzP7mmHdq+1vEgF4Bu6QgBve+UTmJNw5oPTxDW/kDMcmKryz0mJTIv+8EOQLM
-OolWDwKE/v0bF7hY62PVKupb5Whky3k80uUYyh+jD9OMUDvfROvAqmd1CdtpJLhF
-XXxdjG2JonSfAgMBAAGjggIQMIICDDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFLlf
-KgMvKLcbf4VlquCyXqJeRuMoMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/z
-qOyhMHAGCCsGAQUFBwEBBGQwYjAvBggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50
-LXgzLmxldHNlbmNyeXB0Lm9yZy8wLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0Lmlu
-dC14My5sZXRzZW5jcnlwdC5vcmcvMBoGA1UdEQQTMBGCD2dpdC5mcmlwb3N0Lm9y
-ZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYI
-KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcC
-AjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24g
-YnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0
-aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5
-cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBVXpdNB3ogPaDR
-LxyEosMxH8b0WC/8XXYmr6uiR1cJ4NdnH745UHFuyt+9x7D3pI01eIETMdo03x+q
-wwHDDkrcpLxnDN5IRwGI6YCHnyOAqVJuYVuBhd5QPeWiGIW+hmU+tY+Rxt3SXuor
-/QZVqcy12vl9VrL9bdkRg9wy4l9JZbrspMuZfAa5whVSR6zyMgvurrp3wiKEL8X+
-/+hMN+7+2VMgXysrUOTHKB4gnfq2e9er2BIMgJETD9lv0FfU7YB+9hYIMJv+k+bH
-8Co/QD8d5MuW3fm4Gb2yYkp/oG9HdePAqURgEfSYaGSGNXuK67LovZNQVzd2aU3K
-y0sQt8nm
------END CERTIFICATE-----
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApmF/IW9AzAxHh9E8EMqz
+IiRJ7sznCfHghnTKgksRTTGrzgr5JFDWX93aeuehdDhApmPX8t320XSe/c6uYNW+
+giNqVUI2faD9cFbR7jUp0fJuGKbeFhgHlZqMSzAZAHxRSBSsK0uhUWHO/1h+s8tU
+SAyX3gYWbQEm76FqxxxCumoP0blnPLf1U1dq5s5FSsZcCGm/fLHNpP5Y9y+7iRI6
+pM1whyG6M2Cgi7OnzC0EVKhF9TXfy1mksC77lcrveSVvnSwO7X8+wvped+MOBIaF
+2ESmQqt/m1Ld0i0Ba8kub2IsB18thHJ7duCcaRNOIWvodeJYRsURv5Jxys+27udJ
+AQ7CNAAiAz57IO4FATz/P1M3jG60JA6dHgUzKx8ZS35B93shnflKHU0pxTM3Ysc3
+DWhjTrA4zKE5iorO0if+suM7L47qymGPLmafZPgLNAeyrC9dsEcyqfHa4Y4smzZs
+BtY99OSaCC/bSV++dqj8vvf9F0b2heowISs+BV6SH3RF2kjkGmI9TlyCg2dKAZzp
+vDc7fUIi2BN26ADM/uaYd2r7W8SAXgG7pCAG975ROYk3Dmg9PENb+QMxyYqvLPSY
+lMi/7wQ5Asw6iVYPAoT+/RsXuFjrY9Uq6lvlaGTLeTzS5RjKH6MP04xQO99E68Cq
+Z3UJ22kkuEVdfF2MbYmidJ8CAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/public/imap.fripost.org.pem b/certs/public/imap.fripost.org.pem
index 77f5140..8481196 100644
--- a/certs/public/imap.fripost.org.pem
+++ b/certs/public/imap.fripost.org.pem
@@ -1,35 +1,14 @@
------BEGIN CERTIFICATE-----
-MIIGFzCCBP+gAwIBAgISA2SS7JEhK59MgPG+SiJtoT2RMA0GCSqGSIb3DQEBCwUA
-MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjA1MTcwODMyMDBaFw0x
-NjA4MTUwODMyMDBaMBsxGTAXBgNVBAMTEGltYXAuZnJpcG9zdC5vcmcwggIiMA0G
-CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDZaLXYYngW1ioTzfNRtmUeFh9Kopdi
-1qfcpRdPwTndRJRfWNC8eA66gDsypYAHc2TlKW86H5ktSpl4ZxmeXTPvK1Ajfe5u
-MkOwIHrjHCqKtXXYq4VX0bPCBNSAtT6X1/unBebEoMl/SX6R6m78lEc2020bW7vT
-ATMbdGN0AKW3C+zyfOAK2uMILEaFL/0wQRwXJZD8vYk8XH6h3p2Sb9Zb7X5xb0kf
-QoDom6AV6gNYnFGsxZkTGcAZVfia2gjM2gl7b/QW8FH4ENazrYqyMs7wMAOvYLfJ
-WybxgwqEiVIG8+p/uYIKfqZaLabBXa++JgEx1CkxqsTqXAw2ruYGNZ46V0YiUxnk
-Huyoq6eRR+gnzN7TUVx7bbeBCoKcin/r33TSJj6rc7l7YrzelO7LpLDV67gKxhjE
-y76BILtscipL2SV/MsRR4mjn3Lm74Al90DHgfsXYlPvzrOdpDqwhpv96LKo6lop0
-hz0PQMQrYWYu43wfPAZOZtBH5Mdc/8NapnA6cnzWhCxtWKFK+bO6FItUgDGxET36
-WZUClrRpCLHk+nOn9buPWddr3JbEasvTdgIDKWF1D4hqKxNK1+myo7fQE6999nEO
-jrpiN5bhr1HUOWmSOnEcPm3zUskDk133koQ/CpfUMzg8jZpXSsYpVRov+oUZofcU
-zkPdVExs8rz7MwIDAQABo4ICJDCCAiAwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
-MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQG
-WiAaUhAefQy9IZ0tP8BZqxPF5DAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv
-86jsoTBwBggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmlu
-dC14My5sZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5p
-bnQteDMubGV0c2VuY3J5cHQub3JnLzAuBgNVHREEJzAlghBpbWFwLmZyaXBvc3Qu
-b3JnghFzaWV2ZS5mcmlwb3N0Lm9yZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB
-5gYLKwYBBAGC3xMBAQEwgdYwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2Vu
-Y3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5
-IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5
-IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5k
-IGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3
-DQEBCwUAA4IBAQBqKh93dXBytqFHwBwkpR2deCxhSRT5bItGOQDQv8vdjDY4BaDA
-i9ztlN3P4rKsI61ev+r+2rpaZEoDvN4Qp/3gCEJ40WO0SHe8QTlxvTE/IuCSsgJd
-oYTTx7e4bX9VeAiZK0qgL5knvMITVrgCq0UV/LGl0CKjHcCiNqvI/mtC9MQHeCI0
-eY6cKApofYNjpPVPBiXOdGSPKFsoSXP7Dpy0l8IPnNhLDRipDa+asNySxRUt2V0U
-D266Y3UpA5Gl1Wd4OB9HLYFOFBNriwYvdhlX/DgO3BckI0V/YNfMCEVmzmWU+lZ2
-fBcApGPdo8VVGtwCUWVfY8YkJt5HA5hPo8xP
------END CERTIFICATE-----
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2Wi12GJ4FtYqE83zUbZl
+HhYfSqKXYtan3KUXT8E53USUX1jQvHgOuoA7MqWAB3Nk5SlvOh+ZLUqZeGcZnl0z
+7ytQI33ubjJDsCB64xwqirV12KuFV9GzwgTUgLU+l9f7pwXmxKDJf0l+kepu/JRH
+NtNtG1u70wEzG3RjdACltwvs8nzgCtrjCCxGhS/9MEEcFyWQ/L2JPFx+od6dkm/W
+W+1+cW9JH0KA6JugFeoDWJxRrMWZExnAGVX4mtoIzNoJe2/0FvBR+BDWs62KsjLO
+8DADr2C3yVsm8YMKhIlSBvPqf7mCCn6mWi2mwV2vviYBMdQpMarE6lwMNq7mBjWe
+OldGIlMZ5B7sqKunkUfoJ8ze01Fce223gQqCnIp/69900iY+q3O5e2K83pTuy6Sw
+1eu4CsYYxMu+gSC7bHIqS9klfzLEUeJo59y5u+AJfdAx4H7F2JT786znaQ6sIab/
+eiyqOpaKdIc9D0DEK2FmLuN8HzwGTmbQR+THXP/DWqZwOnJ81oQsbVihSvmzuhSL
+VIAxsRE9+lmVApa0aQix5Ppzp/W7j1nXa9yWxGrL03YCAylhdQ+IaisTStfpsqO3
+0BOvffZxDo66YjeW4a9R1DlpkjpxHD5t81LJA5Nd95KEPwqX1DM4PI2aV0rGKVUa
+L/qFGaH3FM5D3VRMbPK8+zMCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/public/lists.fripost.org.pem b/certs/public/lists.fripost.org.pem
index 9220fa9..0e520ad 100644
--- a/certs/public/lists.fripost.org.pem
+++ b/certs/public/lists.fripost.org.pem
@@ -1,35 +1,14 @@
------BEGIN CERTIFICATE-----
-MIIGBjCCBO6gAwIBAgISAwyOSjcasQPRyMo8ICnH6LImMA0GCSqGSIb3DQEBCwUA
-MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjA1MjgwMTAyMDBaFw0x
-NjA4MjYwMTAyMDBaMBwxGjAYBgNVBAMTEWxpc3RzLmZyaXBvc3Qub3JnMIICIjAN
-BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxy2uS+XBKPzAqj72knb7BOxowvWc
-vtXzCWtU0QBxkcjwPIuXT5tO3/VWOTV3TZZD4rLX1W9hHk+YB7sC+a9SG8FnNnp6
-L02NIfZf+PmI2FSimA+8E9aA5tmh1zYs4vyT3cre4TUceOfmqa7umsmkRA7pMNzo
-Q3EtYduS2r9mr7CRivjkufggJu/gOXGpt2bZ2vlYdA8PqkWxQvNERqjRMaBQd8hJ
-bhzUEmfHdGDMN3f3BpylBYdmRKpj5gc1mEwUgThYJUuar8TU7SuJZVf0VKUcsrhQ
-jYcUb7afnPErIh410gEoOZpmprLVgGEyCRj9l9crez0d1zzun40E0DDDlIGMYcOB
-BwRotVQZnbxGm9h3enOrXdDHw97FGfoI2DhG/51N6Nesem9WaBa6bXO0XsUf8jw2
-sqpaJWd6W3ZyjpnLRwSOPzDWlQgcCx/AVxUC6N8qQMZFEnhaZP95gnQ/n5VPtCO5
-XbgNEvZuBj/95yyDQA4dozRBJ8ELKpW+7aYeSh75KTidjthHPijzCMHkI3xK5csJ
-XnKAhTEenw9lfcBHvx/eogQghktDdBYa3sjQQOoyQj+33DR5HzKKsJAMsKXRKDBI
-/tolHSxJtYwoFNTNOFJ3aq/gPWZqgqm3yctAIyq5oHraaJAOzBkV09NzUFdI5Dw0
-UC6YmZZtmtKoWVsCAwEAAaOCAhIwggIOMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
-FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU
-R9kLB3gXJ0EiHvp7BNKA6bGL4AYwHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl
-7/Oo7KEwcAYIKwYBBQUHAQEEZDBiMC8GCCsGAQUFBzABhiNodHRwOi8vb2NzcC5p
-bnQteDMubGV0c2VuY3J5cHQub3JnLzAvBggrBgEFBQcwAoYjaHR0cDovL2NlcnQu
-aW50LXgzLmxldHNlbmNyeXB0Lm9yZy8wHAYDVR0RBBUwE4IRbGlzdHMuZnJpcG9z
-dC5vcmcwgf4GA1UdIASB9jCB8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHW
-MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYB
-BQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1
-cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdp
-dGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNl
-bmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAVJ7a+4S8
-gEYoyEfUWY3WJZ3nH9h7ySQvP+bUvvFFnIAYUAHwzv1PokFdk4NMWzagpo5uN0qf
-FOe8/UAiLzudWqZJBbka0IXx5AA020iCcqke7IO36x96FiL72Oz8h+nPZyU4x5fX
-ZFBxfk2iL17UNX00Uq9KL19aPehZhKklfO8vXxBthGjfIWnHpCtZfUPjRreMkBmk
-z6/0gus9X+eDAfl7/JnR6JcisCDN0j2thWx8eQyfndKQqEABBWP62xAJ6eVoC8h8
-fpDGApSlH/86XdxMvw6HQEEgQSCTHDMskN595pvuqvOgDugM4PPqs0OGpIDmazNn
-pQFcUHxEW0oPog==
------END CERTIFICATE-----
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxy2uS+XBKPzAqj72knb7
+BOxowvWcvtXzCWtU0QBxkcjwPIuXT5tO3/VWOTV3TZZD4rLX1W9hHk+YB7sC+a9S
+G8FnNnp6L02NIfZf+PmI2FSimA+8E9aA5tmh1zYs4vyT3cre4TUceOfmqa7umsmk
+RA7pMNzoQ3EtYduS2r9mr7CRivjkufggJu/gOXGpt2bZ2vlYdA8PqkWxQvNERqjR
+MaBQd8hJbhzUEmfHdGDMN3f3BpylBYdmRKpj5gc1mEwUgThYJUuar8TU7SuJZVf0
+VKUcsrhQjYcUb7afnPErIh410gEoOZpmprLVgGEyCRj9l9crez0d1zzun40E0DDD
+lIGMYcOBBwRotVQZnbxGm9h3enOrXdDHw97FGfoI2DhG/51N6Nesem9WaBa6bXO0
+XsUf8jw2sqpaJWd6W3ZyjpnLRwSOPzDWlQgcCx/AVxUC6N8qQMZFEnhaZP95gnQ/
+n5VPtCO5XbgNEvZuBj/95yyDQA4dozRBJ8ELKpW+7aYeSh75KTidjthHPijzCMHk
+I3xK5csJXnKAhTEenw9lfcBHvx/eogQghktDdBYa3sjQQOoyQj+33DR5HzKKsJAM
+sKXRKDBI/tolHSxJtYwoFNTNOFJ3aq/gPWZqgqm3yctAIyq5oHraaJAOzBkV09Nz
+UFdI5Dw0UC6YmZZtmtKoWVsCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/public/mail.fripost.org.pem b/certs/public/mail.fripost.org.pem
index 6666353..c6852f6 100644
--- a/certs/public/mail.fripost.org.pem
+++ b/certs/public/mail.fripost.org.pem
@@ -1,35 +1,14 @@
------BEGIN CERTIFICATE-----
-MIIGGTCCBQGgAwIBAgISAyswlBR1Dlj2YdJ8TPS7ACIsMA0GCSqGSIb3DQEBCwUA
-MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjAzMjcxNTU5MDBaFw0x
-NjA2MjUxNTU5MDBaMBsxGTAXBgNVBAMTEG1haWwuZnJpcG9zdC5vcmcwggIiMA0G
-CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDAW/LL+h8Iqhv+6MhmqNCEmXBb822T
-C+uVIGS2wY4sWMl2A7wkldmG7huERI0ornL2R2ypnEV9Rlv8YdnBfnuDGRKNr3DE
-JBgVZFfel3XDlne4U/oQFpFJFi7DkCpU+tpAsadt6TmiLgW3PsQRwDiCuEpfGKmo
-f53QRkHxIVVfrR84hGK8beqQkSn5cb5e0XaAof5s9I/IlU9WcIlSLzZsWLE3WAO9
-QO1goyDrBCeTvMUIC3lkFlSIyJL4m0dyPM9RoELpAOX0i2YQ+Vz8sW5n/6xPrBGU
-piNTaQKa1gX4fleu/6ZEdIzRC7y1vX352wED/cPRC3hLc4kEnUqj+4UzxZup4xe/
-zITxLqa7DArOnj9o9qNCOaLy9zBE6RgJMR42Wv4R53O5GTQHkcU6UtZrSbuxdK6j
-9+3HwfLOwGEbb3dE8RSt1RNvz9cu1EqFGPSfsiGor1v3fiuL7OK/+5+WdxF4myKv
-xui5fmU8KyoDebLs+59CcBNHTcR94eyiSTTDvPgZUIzQaA75wWjwc2S/Eli7Znc/
-bW5PMZhJzqdmORvgg4ryZUl8Vz+KyeGBK+Z5BdEAlsQcOZyax+Ixlc6Ek90Fy71y
-c7lxRbs73FbMIEBKaIceMmEp7jRjqZHZYwGQLyD98XdSCRHFryU8gkdjTKcnZNJp
-9EFpyOXCpaVS8wIDAQABo4ICJjCCAiIwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
-MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSm
-OAr5ZZ5/QM3nckd78yr33xB0STAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv
-86jsoTBwBggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmlu
-dC14My5sZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5p
-bnQteDMubGV0c2VuY3J5cHQub3JnLzAwBgNVHREEKTAnghBtYWlsLmZyaXBvc3Qu
-b3JnghN3ZWJtYWlsLmZyaXBvc3Qub3JnMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIB
-MIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRz
-ZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBt
-YXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9u
-bHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91
-bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZI
-hvcNAQELBQADggEBADsJFbE1vAcXRk4bd4dniTOXK9K9t254bPLz0MPqX/mVSnuX
-AB0bqdBGjC+TRwwTD43hjeulDhjgxqsijWKJKnvgz+A7SYy8Bw72RK9JSjn6BdnF
-qo9wQ1N2jCQThbubZ24VPSMLOEK0X42brgxjVG7mnomTcCuve9ta8Omr7i0o9lta
-0yD6m8zkKd1AIbzGMGu0LTixdjmc8tYP+zeDh8l5bQb/DlHWsTeXsDwpChOeO95p
-mn/9iJSxs/w76qMyvDcupGHsS6aGow7DQ72xybFrec4paUuzL5JVtSuMOr9Equyl
-ZKhT4MwPjvH9QUZkbz3fxoVBY5T8jHAqTr/Ivfo=
------END CERTIFICATE-----
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwFvyy/ofCKob/ujIZqjQ
+hJlwW/NtkwvrlSBktsGOLFjJdgO8JJXZhu4bhESNKK5y9kdsqZxFfUZb/GHZwX57
+gxkSja9wxCQYFWRX3pd1w5Z3uFP6EBaRSRYuw5AqVPraQLGnbek5oi4Ftz7EEcA4
+grhKXxipqH+d0EZB8SFVX60fOIRivG3qkJEp+XG+XtF2gKH+bPSPyJVPVnCJUi82
+bFixN1gDvUDtYKMg6wQnk7zFCAt5ZBZUiMiS+JtHcjzPUaBC6QDl9ItmEPlc/LFu
+Z/+sT6wRlKYjU2kCmtYF+H5Xrv+mRHSM0Qu8tb19+dsBA/3D0Qt4S3OJBJ1Ko/uF
+M8WbqeMXv8yE8S6muwwKzp4/aPajQjmi8vcwROkYCTEeNlr+EedzuRk0B5HFOlLW
+a0m7sXSuo/ftx8HyzsBhG293RPEUrdUTb8/XLtRKhRj0n7IhqK9b934ri+ziv/uf
+lncReJsir8bouX5lPCsqA3my7PufQnATR03EfeHsokk0w7z4GVCM0GgO+cFo8HNk
+vxJYu2Z3P21uTzGYSc6nZjkb4IOK8mVJfFc/isnhgSvmeQXRAJbEHDmcmsfiMZXO
+hJPdBcu9cnO5cUW7O9xWzCBASmiHHjJhKe40Y6mR2WMBkC8g/fF3UgkRxa8lPIJH
+Y0ynJ2TSafRBacjlwqWlUvMCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/public/mx1.fripost.org.pem b/certs/public/mx1.fripost.org.pem
index 80d5cdc..d2b978c 100644
--- a/certs/public/mx1.fripost.org.pem
+++ b/certs/public/mx1.fripost.org.pem
@@ -1,35 +1,14 @@
------BEGIN CERTIFICATE-----
-MIIGAjCCBOqgAwIBAgISAxkv8jtmF7Sg/M9SaEhRkB3dMA0GCSqGSIb3DQEBCwUA
-MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjAzMjcxNTU5MDBaFw0x
-NjA2MjUxNTU5MDBaMBoxGDAWBgNVBAMTD214MS5mcmlwb3N0Lm9yZzCCAiIwDQYJ
-KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKlhAZFY51Mns5A0IyBXGwxS5tdYQaue
-WU/PobCkl0hwMxPB1OzSYa71etMkFiTOsgspxWQ624T7MHM3JhSdOJUpMBJKNwaz
-dsC4sWT7eRTNiLpmM8PypXnJqJ7kvMzLUZiqRM3vfjJ/znOAb1B+zWIiyVCFFk6j
-4X5Ue6zfUROFGVxbIpK7lgpNYI0Ia9IXyX13iqRCvDlcmRdCtz4UpxTaLz6fOyfa
-5S52ABgu9aqjI5eVInTSL0zjPXpn3jzW23z+lffCIxx765iXFJdEuWbzlFnE6SZN
-yvA6zDDfJ+g0D1Pas964nzm0JWGAwQozg5qZFF99Zwxa3PC8nBh7ih+D1j7HPsA0
-93CvU7PITKnDNOdI6i+h+AJQ+wxsb0RtQ88QT/BdAGcD/WpSXn6MG/GBtE6AtSNv
-cd2me4jOAbQHShSQ49/iRTvUmP8jcxW1+CDoYhY+2nBO8MkrNciIK6j8HwptSpbl
-ZDp9GxyrXBXE4YWM1bFIAEBv9u+MrREt9Np/+hCPuaFW0Gx/Dcga47Tcfsm1v4Ub
-NAuciQLEz/CCBAIIfikykDq15Y9Y1WhOmlv5lGN/0dQGqDlXYs7ZGBmbiTv9AYug
-Sawqay8q1MquoIoVPTXP0/5KIdQrx3ioFkZF3fxbGi6iTzwtqcsiKX+82dMW+3PY
-/6L3nrlYwncNAgMBAAGjggIQMIICDDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKXT
-6Tt9ylkLkl3fyPVtgKlD5q8eMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/z
-qOyhMHAGCCsGAQUFBwEBBGQwYjAvBggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50
-LXgzLmxldHNlbmNyeXB0Lm9yZy8wLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0Lmlu
-dC14My5sZXRzZW5jcnlwdC5vcmcvMBoGA1UdEQQTMBGCD214MS5mcmlwb3N0Lm9y
-ZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYI
-KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcC
-AjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24g
-YnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0
-aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5
-cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBcWjyEkYN2/MfG
-4ZLVFr6KtF0e7DQXu8hnShgK2XXuav8NsOFOmrD0AQiKBOykSpZTeQlt2wQFevPl
-mihfOc6l1suc4UUaSb4ZQH2qAPuPjt8LNpZ7dahpdDpRftlnZe5aorWiHnjS8FQ1
-PQUkcXFW/JQQqiSbi44N8F5s4Xu5tvGqpq7jb8F0u4cg3anYse5usb6oSDerOSJ8
-6nqeqWzJzsQ4sTZDcoUIp/bRjHvPdpV/VH3mCP7ByXyS1hFpz0tEu+YmWStdn1tX
-0uet5hDxxvCa7xnxwdL8/zly5sD/ZKX4qL15MOW41ppl+0ghDMYi4xOzBkcldrGp
-YbiG4vA7
------END CERTIFICATE-----
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqWEBkVjnUyezkDQjIFcb
+DFLm11hBq55ZT8+hsKSXSHAzE8HU7NJhrvV60yQWJM6yCynFZDrbhPswczcmFJ04
+lSkwEko3BrN2wLixZPt5FM2IumYzw/KlecmonuS8zMtRmKpEze9+Mn/Oc4BvUH7N
+YiLJUIUWTqPhflR7rN9RE4UZXFsikruWCk1gjQhr0hfJfXeKpEK8OVyZF0K3PhSn
+FNovPp87J9rlLnYAGC71qqMjl5UidNIvTOM9emfePNbbfP6V98IjHHvrmJcUl0S5
+ZvOUWcTpJk3K8DrMMN8n6DQPU9qz3rifObQlYYDBCjODmpkUX31nDFrc8LycGHuK
+H4PWPsc+wDT3cK9Ts8hMqcM050jqL6H4AlD7DGxvRG1DzxBP8F0AZwP9alJefowb
+8YG0ToC1I29x3aZ7iM4BtAdKFJDj3+JFO9SY/yNzFbX4IOhiFj7acE7wySs1yIgr
+qPwfCm1KluVkOn0bHKtcFcThhYzVsUgAQG/274ytES302n/6EI+5oVbQbH8NyBrj
+tNx+ybW/hRs0C5yJAsTP8IIEAgh+KTKQOrXlj1jVaE6aW/mUY3/R1AaoOVdiztkY
+GZuJO/0Bi6BJrCprLyrUyq6gihU9Nc/T/koh1CvHeKgWRkXd/FsaLqJPPC2pyyIp
+f7zZ0xb7c9j/oveeuVjCdw0CAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/public/mx2.fripost.org.pem b/certs/public/mx2.fripost.org.pem
index 67a569d..3bdb105 100644
--- a/certs/public/mx2.fripost.org.pem
+++ b/certs/public/mx2.fripost.org.pem
@@ -1,35 +1,14 @@
------BEGIN CERTIFICATE-----
-MIIGAjCCBOqgAwIBAgISA2gRVOAfXdISGqICX+9aA7+kMA0GCSqGSIb3DQEBCwUA
-MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjAzMjcxNjEyMDBaFw0x
-NjA2MjUxNjEyMDBaMBoxGDAWBgNVBAMTD214Mi5mcmlwb3N0Lm9yZzCCAiIwDQYJ
-KoZIhvcNAQEBBQADggIPADCCAgoCggIBALQbPWAwWT9JwMkJ4V+O9lnlvhH+Mbj9
-OpJNy+Aeghevn9eKYNRhouHjqEvS9AfGAkykynnl0xaePg0koF1Eo7/J85HkZrxk
-khikZTYcXRvQxmD6zpU33DS5CH2Jcf2PR1lYrbTTn5emJ8WiUmY0jh941dr5IVKx
-xtdDXpb1fx/4vwJnsuZJfeJ1hVaOqBx0sOHz6pTdKYh3EG5H5uMaW1QQFsi3u6fq
-krwPYk2MS0+jOLgVBb2hDDSJS43rHpIJ37mHWhrB1uX0O1qSuMtefD9jQUQ8h2m4
-kiFwIilMG/89qkCkUfPuh/h7B7I3+aC7ItHWygPEcU16bYKUG8/5Yo8zsMJIu4N3
-DzC/DcoGDwoPsqjp0UMz84E0Mpup9eywIMdR101cR84GSCJnaPUYwz3kBQ3ep6ms
-fM3KijMEC/5tvlx+5QeZzCp2sqoZeqHdr+wDKx/RhtJKk6pmHIC4BwxEhl0hkVxO
-M+rMHwpUhVYTFC00/3OO/uVO3k6+b5F0WS0SY7jBpaXVb8SMuQ8q8+yoZ5M/pFrI
-YCIJyIHEDGR3N3kN6QLGcIHjqchbehOENj0xTxjgdEU7LPIb3ikeudppRLmYXzaD
-a+ucAozbljBHv7LjyDICaLtaC29lTkWgZA7tCcE2DwxK+FxgDlqUyucTBCz+ajjx
-1VZXhzoJZFczAgMBAAGjggIQMIICDDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYw
-FAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFBAM
-Y9xCJ+RcfJU9bEr7qoSjmrsHMB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/z
-qOyhMHAGCCsGAQUFBwEBBGQwYjAvBggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50
-LXgzLmxldHNlbmNyeXB0Lm9yZy8wLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0Lmlu
-dC14My5sZXRzZW5jcnlwdC5vcmcvMBoGA1UdEQQTMBGCD214Mi5mcmlwb3N0Lm9y
-ZzCB/gYDVR0gBIH2MIHzMAgGBmeBDAECATCB5gYLKwYBBAGC3xMBAQEwgdYwJgYI
-KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcC
-AjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24g
-YnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0
-aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5
-cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQB+v4uAEenoNei+
-N6yPhW08XvqYlrKkmehzAKx9nF8LuPIPuDvjcaC83LwTC7gn9MHs5f6idKI2Brci
-0y6DdlVaMZT/Cs7Un3gqgQhzVMkgxstJwB+8Qtk1pGG5zGHQfs1mdgYDxCAHwRgO
-9FFydb1K+4gR+T/zoT1duFfjvsLZblWRixWKWW7QSaTuRGvjJbYwfefCGigQWWYz
-+JVlZZ2n0ibRh1WkfOXzc+m3j5/L9ylrKN2F5g590JxCWxHGmwbud6ZzuzDL9nhD
-D96X8Bygv1/ngAxEWufL8pLgOM5zczVPGKeQj9r41zIGT1YkU5cycCB92LndFy7O
-8CHueJ9m
------END CERTIFICATE-----
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAtBs9YDBZP0nAyQnhX472
+WeW+Ef4xuP06kk3L4B6CF6+f14pg1GGi4eOoS9L0B8YCTKTKeeXTFp4+DSSgXUSj
+v8nzkeRmvGSSGKRlNhxdG9DGYPrOlTfcNLkIfYlx/Y9HWVittNOfl6YnxaJSZjSO
+H3jV2vkhUrHG10NelvV/H/i/Amey5kl94nWFVo6oHHSw4fPqlN0piHcQbkfm4xpb
+VBAWyLe7p+qSvA9iTYxLT6M4uBUFvaEMNIlLjesekgnfuYdaGsHW5fQ7WpK4y158
+P2NBRDyHabiSIXAiKUwb/z2qQKRR8+6H+HsHsjf5oLsi0dbKA8RxTXptgpQbz/li
+jzOwwki7g3cPML8NygYPCg+yqOnRQzPzgTQym6n17LAgx1HXTVxHzgZIImdo9RjD
+PeQFDd6nqax8zcqKMwQL/m2+XH7lB5nMKnayqhl6od2v7AMrH9GG0kqTqmYcgLgH
+DESGXSGRXE4z6swfClSFVhMULTT/c47+5U7eTr5vkXRZLRJjuMGlpdVvxIy5Dyrz
+7Khnkz+kWshgIgnIgcQMZHc3eQ3pAsZwgeOpyFt6E4Q2PTFPGOB0RTss8hveKR65
+2mlEuZhfNoNr65wCjNuWMEe/suPIMgJou1oLb2VORaBkDu0JwTYPDEr4XGAOWpTK
+5xMELP5qOPHVVleHOglkVzMCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/certs/public/smtp.fripost.org.pem b/certs/public/smtp.fripost.org.pem
index 918da83..fa89958 100644
--- a/certs/public/smtp.fripost.org.pem
+++ b/certs/public/smtp.fripost.org.pem
@@ -1,35 +1,14 @@
------BEGIN CERTIFICATE-----
-MIIGBDCCBOygAwIBAgISA5ETsmCx/+miZsTxO22rq105MA0GCSqGSIb3DQEBCwUA
-MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjA1MTcwODMyMDBaFw0x
-NjA4MTUwODMyMDBaMBsxGTAXBgNVBAMTEHNtdHAuZnJpcG9zdC5vcmcwggIiMA0G
-CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC4wO2IiiPCn9SEc7DRhayWqme2Ef31
-/lO2aFamTnUykDxmuKt8QSVbhN9LQ4dcH1n8CLc7pZvQD12bVu8B+ds50sjKlwEr
-rH/0NsQOOdR5zEhMdRZG8f75Nbvyz0NjMRClAXhc3aJKNJ2qcPOx66IbPbvrk+lf
-lCtQoIblMN/r4UhYMxHMqsZeFBAdI+6ns2pgyR9FOu9zDsTde1a7v2yzQLp1ewjj
-gj0XK0RLJZ8nsRmiOz9UrquYrHnBQkeOF5OK+T45wQdRCSjnmK4jP9nRbIIwLdUQ
-CLRB2Ji8uV8rtPTgFns8Dyx3/dFxgWVzXJwh6EodaWnCO0V8xTODjHMWiQQOobf1
-iEeo6krPq3v19j40c6p+EDLdRRqM/wNtAXS9lfoIDxv/z8Aa4gJpjJhnmkatStaD
-ldwOOPgf0/vtB/QoQJi4J5mLWkeZFl+HJPWrKJGtSCSi/9vndCL7FIbMk5B2d9rD
-IKs2xn3Et1DPV1zpI2vNcky/mebq+Cb2qDNlC5WEDrCIiiUhEJHjd4gdtF/Q6gom
-X8VmH7XigiNE4aVGuWgD9r7iZBFp4hCTw/iczZK9aMi6N6ZeTzLs0YAeR339J2ei
-yDV5aZd/BOepkDb9UYzBCBrU7uAOdCX69YA/FTNHXVYhYqWd14/bJnWKlUckd1D9
-5ioBZfdYQEHOyQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
-MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQn
-lA9Ej2gB1YNUZIYC5AnMWifuyTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv
-86jsoTBwBggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmlu
-dC14My5sZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5p
-bnQteDMubGV0c2VuY3J5cHQub3JnLzAbBgNVHREEFDASghBzbXRwLmZyaXBvc3Qu
-b3JnMIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAm
-BggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUF
-BwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBv
-biBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRo
-IHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5j
-cnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAJyinLNO8G+O
-qNIakmDubWAL3e1TLbGeoxKoRvWX/03BW7tFz9qmKb7ff+6TkSuBxViVPuo9R/O8
-DueDCGTxzQwstqOafgNRpS7qm34/hXen2zbof0TArJ+jUiJqYBjrzp7wJYO2E5JL
-wsY2LyTJKghlfsHsK1mHwTSNS3yMkiGbCSowPy3INLG0qs5Odu9eUQkRVKjPvqJ8
-vddeDuHYLqKMmsNGXrKJj4J7PY6A8UURWs/2N6ax2Xibfo7Haw62aYw68Xz+VKQP
-CTa3qQCrOXsqYRbAWEmwIBdhrE42HQdoYDTtcTAX/s+qCmWwA2n2wH7nn2Di3CJH
-5X4GTyu3ta4=
------END CERTIFICATE-----
+-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAuMDtiIojwp/UhHOw0YWs
+lqpnthH99f5TtmhWpk51MpA8ZrirfEElW4TfS0OHXB9Z/Ai3O6Wb0A9dm1bvAfnb
+OdLIypcBK6x/9DbEDjnUecxITHUWRvH++TW78s9DYzEQpQF4XN2iSjSdqnDzseui
+Gz2765PpX5QrUKCG5TDf6+FIWDMRzKrGXhQQHSPup7NqYMkfRTrvcw7E3XtWu79s
+s0C6dXsI44I9FytESyWfJ7EZojs/VK6rmKx5wUJHjheTivk+OcEHUQko55iuIz/Z
+0WyCMC3VEAi0QdiYvLlfK7T04BZ7PA8sd/3RcYFlc1ycIehKHWlpwjtFfMUzg4xz
+FokEDqG39YhHqOpKz6t79fY+NHOqfhAy3UUajP8DbQF0vZX6CA8b/8/AGuICaYyY
+Z5pGrUrWg5XcDjj4H9P77Qf0KECYuCeZi1pHmRZfhyT1qyiRrUgkov/b53Qi+xSG
+zJOQdnfawyCrNsZ9xLdQz1dc6SNrzXJMv5nm6vgm9qgzZQuVhA6wiIolIRCR43eI
+HbRf0OoKJl/FZh+14oIjROGlRrloA/a+4mQRaeIQk8P4nM2SvWjIujemXk8y7NGA
+Hkd9/Sdnosg1eWmXfwTnqZA2/VGMwQga1O7gDnQl+vWAPxUzR11WIWKlndeP2yZ1
+ipVHJHdQ/eYqAWX3WEBBzskCAwEAAQ==
+-----END PUBLIC KEY-----
diff --git a/roles/IMAP/tasks/imap.yml b/roles/IMAP/tasks/imap.yml
index a596c42..d7bbfb9 100644
--- a/roles/IMAP/tasks/imap.yml
+++ b/roles/IMAP/tasks/imap.yml
@@ -80,7 +80,7 @@
- name: Fetch Dovecot's X.509 certificate
# Ensure we don't fetch private data
become: False
- fetch_cmd: cmd="openssl x509"
+ fetch_cmd: cmd="openssl x509 -noout -pubkey"
stdin=/etc/dovecot/ssl/imap.fripost.org.pem
dest=certs/public/imap.fripost.org.pem
tags:
diff --git a/roles/MSA/tasks/main.yml b/roles/MSA/tasks/main.yml
index d9a3d47..7ae2680 100644
--- a/roles/MSA/tasks/main.yml
+++ b/roles/MSA/tasks/main.yml
@@ -28,7 +28,7 @@
# Ensure we don't fetch private data
become: False
# `/usr/sbin/postmulti -i msa -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
- fetch_cmd: cmd="openssl x509"
+ fetch_cmd: cmd="openssl x509 -noout -pubkey"
stdin=/etc/postfix/ssl/smtp.fripost.org.pem
dest=certs/public/smtp.fripost.org.pem
tags:
diff --git a/roles/MX/tasks/main.yml b/roles/MX/tasks/main.yml
index 62ffa02..f95945c 100644
--- a/roles/MX/tasks/main.yml
+++ b/roles/MX/tasks/main.yml
@@ -82,7 +82,7 @@
# Ensure we don't fetch private data
become: False
# `/usr/sbin/postmulti -i mx -x /usr/sbin/postconf -xh smtpd_tls_cert_file`
- fetch_cmd: cmd="openssl x509"
+ fetch_cmd: cmd="openssl x509 -noout -pubkey"
stdin=/etc/postfix/ssl/mx.fripost.org.pem
dest=certs/public/mx{{ mxno | default('') }}.fripost.org.pem
tags:
diff --git a/roles/git/tasks/cgit.yml b/roles/git/tasks/cgit.yml
index 532ca10..48f4d18 100644
--- a/roles/git/tasks/cgit.yml
+++ b/roles/git/tasks/cgit.yml
@@ -105,7 +105,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
become: False
- fetch_cmd: cmd="openssl x509"
+ fetch_cmd: cmd="openssl x509 -noout -pubkey"
stdin=/etc/nginx/ssl/git.fripost.org.pem
dest=certs/public/git.fripost.org.pem
tags:
diff --git a/roles/lists/tasks/nginx.yml b/roles/lists/tasks/nginx.yml
index caa1abf..fa52781 100644
--- a/roles/lists/tasks/nginx.yml
+++ b/roles/lists/tasks/nginx.yml
@@ -28,7 +28,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
become: False
- fetch_cmd: cmd="openssl x509"
+ fetch_cmd: cmd="openssl x509 -noout -pubkey"
stdin=/etc/nginx/ssl/lists.fripost.org.pem
dest=certs/public/lists.fripost.org.pem
tags:
diff --git a/roles/webmail/tasks/roundcube.yml b/roles/webmail/tasks/roundcube.yml
index 998026c..24f8fa7 100644
--- a/roles/webmail/tasks/roundcube.yml
+++ b/roles/webmail/tasks/roundcube.yml
@@ -139,7 +139,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
become: False
- fetch_cmd: cmd="openssl x509"
+ fetch_cmd: cmd="openssl x509 -noout -pubkey"
stdin=/etc/nginx/ssl/mail.fripost.org.pem
dest=certs/public/mail.fripost.org.pem
tags:
diff --git a/roles/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
index 5713513..c07d4f7 100644
--- a/roles/wiki/tasks/main.yml
+++ b/roles/wiki/tasks/main.yml
@@ -102,7 +102,7 @@
- name: Fetch Nginx's X.509 certificate
# Ensure we don't fetch private data
become: False
- fetch_cmd: cmd="openssl x509"
+ fetch_cmd: cmd="openssl x509 -noout -pubkey"
stdin=/etc/nginx/ssl/www.fripost.org.pem
dest=certs/public/fripost.org.pem
tags: