Let's Encrypt

author: Guilhem Moulin <guilhem@fripost.org> 2016-02-27 00:45:50 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2016-03-02 21:38:37 +0100
commit: ed8cf1de7e87ff6496db46f17fb4bcfc90ccf48f (patch)
tree: 9bca7dd3fc058ca0470ceefe742d2ae19df94a3e
parent: 4a3f204a3d285a377161efb2dbeec73d329e6d1a (diff)
21 files changed, 463 insertions, 78 deletions
diff --git a/certs/public/fripost.org.pem b/certs/public/fripost.org.pem
index 6138e4d..c1b6105 100644
--- a/certs/public/fripost.org.pem
+++ b/certs/public/fripost.org.pem
@@ -33,3 +33,30 @@ vBjnJRKA/90/5U6VMHUiBkor4hMwzfuUCZdgNKvVeGhDWVUr0OLOnW+b8MnmLz87
 LvxR5DgqyxlKqq6CqsGzzLs6qdFqAiZjB7cF2s7e/Wi3nVDFr8Qb1TlxdlkQ15ka
 xbvhxUD0YHOsO+hGiwbo6gAeFrzP3uxTTzhrtHnZgOVZ
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
+-----END CERTIFICATE-----
diff --git a/certs/public/git.fripost.org.pem b/certs/public/git.fripost.org.pem
index 65fd6f3..1810c03 100644
--- a/certs/public/git.fripost.org.pem
+++ b/certs/public/git.fripost.org.pem
@@ -33,3 +33,30 @@ lPztlpkJsZCGa5lplpi6EvS6wzFkZuWQYHaxqb9L0dN9SVu4YwshEBoKdUMIxSeM
 hD6Dq0ebWLYRWg2AHHnF1xtbfUqQLw1kqbdgcl3vcsoDPt5nDkStMIVcd20nR1W6
 KGZ8K+jB
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
+-----END CERTIFICATE-----
diff --git a/certs/public/imap.fripost.org.pem b/certs/public/imap.fripost.org.pem
index 1896b4a..603cf73 100644
--- a/certs/public/imap.fripost.org.pem
+++ b/certs/public/imap.fripost.org.pem
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIGFzCCBP+gAwIBAgISAeKF61Exi1Bd4jXjTumceSXeMA0GCSqGSIb3DQEBCwUA
+MIIGFzCCBP+gAwIBAgISAcDSL09mzRBuF3NdTVKwGu4EMA0GCSqGSIb3DQEBCwUA
 MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDgxOTU5MDBaFw0x
-NjAzMDcxOTU5MDBaMBsxGTAXBgNVBAMTEGltYXAuZnJpcG9zdC5vcmcwggIiMA0G
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAyMjYyMjAzMDBaFw0x
+NjA1MjYyMjAzMDBaMBsxGTAXBgNVBAMTEGltYXAuZnJpcG9zdC5vcmcwggIiMA0G
 CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDZaLXYYngW1ioTzfNRtmUeFh9Kopdi
 1qfcpRdPwTndRJRfWNC8eA66gDsypYAHc2TlKW86H5ktSpl4ZxmeXTPvK1Ajfe5u
 MkOwIHrjHCqKtXXYq4VX0bPCBNSAtT6X1/unBebEoMl/SX6R6m78lEc2020bW7vT
@@ -26,10 +26,37 @@ Y3J5cHQub3JnMIGrBggrBgEFBQcCAjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5
 IG9ubHkgYmUgcmVsaWVkIHVwb24gYnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5
 IGluIGFjY29yZGFuY2Ugd2l0aCB0aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5k
 IGF0IGh0dHBzOi8vbGV0c2VuY3J5cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3
-DQEBCwUAA4IBAQAS2kt6KFeNkudjNucQcxQv9qx2skPil5Sh1YqeJF76tkVH0nno
-0JofNwz97Kzn73VKYCBMiL7VsbK2mOskfl2kl+G9vlY+S5ElQM0zZQMT6XgDKJs7
-a2hVADdca4GAldu9KGjHxiERX6I2tfZ59CH3/OXpHbhT+IE8HqOLpT7Dsl9n6IKA
-QlCuDIjEYSPq6f+ob7asivKNZJIUIWpzzEjudRCbEvijS6Nae4O79sS0UUpqqPws
-17iXYORZJ+hvPglCZK6z9zinZaTPoAHE2UhaJN7fqPF3opvmjiSZkDFFFvA41lkt
-gLrdsIE8QxR3riA2fBtMjuEdUmcc5HUNRVW/
+DQEBCwUAA4IBAQBQ6y1VDo4ALoEB7Y84SwzoiREWuoaNzDYSdg2iFZY0aUNhzfxl
+kYOzbgNbD3NAMlc81qgSQxASIYa+8JEU0RW18gJnT4gEIUxIAstSTMffwONW7lod
+RkQO+qGrKep8ws9as2H2xyn7fCxEjLnvIgPF9MpmlUKcXoSBi79PMmLL0KTQ+P/p
+G3be0Me8nxP2chAKWR+7uCISz9Xl0rmxp91eAbo8yhgT0BCza3jWK34Of1ee6YQI
+pDZnGgKcki2SOJura6VWPn/iH/zjf9nYKzhBQGW+Ocnax7jDaZWx/hfDboaf5OIg
+tOziZt0yVPXDUBkSUc6UvNs9gNqIPMczOMym
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
 -----END CERTIFICATE-----
diff --git a/certs/public/lists.fripost.org.pem b/certs/public/lists.fripost.org.pem
index 7e04b9a..3c5eca8 100644
--- a/certs/public/lists.fripost.org.pem
+++ b/certs/public/lists.fripost.org.pem
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIGBjCCBO6gAwIBAgISAUJ3fVQbiEbMMnke9mXi7hwwMA0GCSqGSIb3DQEBCwUA
+MIIGBjCCBO6gAwIBAgISAdoeEJLDqjBmbnNMHs/Rk0iNMA0GCSqGSIb3DQEBCwUA
 MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDgxODEzMDBaFw0x
-NjAzMDcxODEzMDBaMBwxGjAYBgNVBAMTEWxpc3RzLmZyaXBvc3Qub3JnMIICIjAN
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAyMjYyMjI0MDBaFw0x
+NjA1MjYyMjI0MDBaMBwxGjAYBgNVBAMTEWxpc3RzLmZyaXBvc3Qub3JnMIICIjAN
 BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxy2uS+XBKPzAqj72knb7BOxowvWc
 vtXzCWtU0QBxkcjwPIuXT5tO3/VWOTV3TZZD4rLX1W9hHk+YB7sC+a9SG8FnNnp6
 L02NIfZf+PmI2FSimA+8E9aA5tmh1zYs4vyT3cre4TUceOfmqa7umsmkRA7pMNzo
@@ -25,11 +25,38 @@ MCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYB
 BQUHAgIwgZ4MgZtUaGlzIENlcnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1
 cG9uIGJ5IFJlbHlpbmcgUGFydGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdp
 dGggdGhlIENlcnRpZmljYXRlIFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNl
-bmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAB2LfUsTB
-hLYAAsRpsHiGvJunfsiFUA4lWWAXD4fQ2LND60uv3yK7H+EKJRCZmkgTty5tIOHe
-C9Yb8oyjE6g9Irg7viPgab+Ago+ILi+TbP2VwjKO1ggmvpLmFLxA7hGG6e8MOJx2
-9TufciFTouIKUznmWGNXVPEOMvDjrZYrzngaYP9LC1jHa94hyAGBOCSeLGotzdPo
-RLzvROggglmWo8gLG6qjJD5m4QSaUG90OMyd6WUftEd+6iUb/vc6/1QjHnxyozEQ
-sQovX2l5LL9HKPvoQzZbvxdPt7fzufI152izY3A9UfMfgb56XoD6NP9MHt9HlX0C
-aNpaKPrfsIApHg==
+bmNyeXB0Lm9yZy9yZXBvc2l0b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEAKOH6lEPz
+s1+VZJvtH2EQlUOReTBqABaSQWozhhzZa0VnYbP6o6ZPTuPdM1QxmZxx5o514iQc
+I5pmC0NXi7LlZaeebhO72MM0KUgZYhKqgdpWNYYlSEHb4HmdLMKFfNr1f11JsgUF
+tluX9RKTUDrlOSVnVQGylDO1ipx/1FQcR1nWWYG6vIz0aCSaFAogIPi04o4u58Kc
+o1nVroyY7APd/ac/qwR7fr/4WmN6VzPH00e6c0i9sU2Ndgy7n686BEtF1utAShqX
+DXqaJUzHyL7HqV9VSZCh+UYgDm7OOKzgGMelhcj3x6FMjXSduBCp7M5iUmAUuZuO
+M7IKcUm7RqayAA==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
 -----END CERTIFICATE-----
diff --git a/certs/public/mail.fripost.org.pem b/certs/public/mail.fripost.org.pem
index 8d64f50..8db6fdb 100644
--- a/certs/public/mail.fripost.org.pem
+++ b/certs/public/mail.fripost.org.pem
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIGGTCCBQGgAwIBAgISAc9Od/F2ZI9NBTwVRRs9P5QGMA0GCSqGSIb3DQEBCwUA
+MIIGGTCCBQGgAwIBAgISAfROB3ZOdrEGD0kX+6BsbL83MA0GCSqGSIb3DQEBCwUA
 MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMDgxOTQ2MDBaFw0x
-NjAzMDcxOTQ2MDBaMBsxGTAXBgNVBAMTEG1haWwuZnJpcG9zdC5vcmcwggIiMA0G
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAyMjYyMjE0MDBaFw0x
+NjA1MjYyMjE0MDBaMBsxGTAXBgNVBAMTEG1haWwuZnJpcG9zdC5vcmcwggIiMA0G
 CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDAW/LL+h8Iqhv+6MhmqNCEmXBb822T
 C+uVIGS2wY4sWMl2A7wkldmG7huERI0ornL2R2ypnEV9Rlv8YdnBfnuDGRKNr3DE
 JBgVZFfel3XDlne4U/oQFpFJFi7DkCpU+tpAsadt6TmiLgW3PsQRwDiCuEpfGKmo
@@ -26,10 +26,37 @@ ZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBt
 YXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9u
 bHkgaW4gYWNjb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91
 bmQgYXQgaHR0cHM6Ly9sZXRzZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZI
-hvcNAQELBQADggEBAH0J8G1vhKLfTPsE0CNXzKNRk8BtL9zjoAPacX4B3L35UMzU
-WiiJyFueX8haqtU9SfI27fvEml9hhpTUkCkcybMOlmhtMbdRsjqLdskT6LIPMmy1
-Zaw1KzVhyKQ9n+GJKqLWjiPjL/n68SbBofG5ECRbs3xunwk1rjpaKfLQgwqYQWhl
-5hPZoqvtX9FgkYSOQm3do9LbXwotP8O4IV5934Usg6Z1u7PBApVXGnC2XyLNC6d3
-M/hUhNzzSgiJcgi6jysjtSbhV2zxd3vXCyzQpwGE/O9Guk94xmPG2abQmK87rYDi
-4H0Uk1JSUA9QI5N28cBCgbFbggqb4XcF9TjXTY8=
+hvcNAQELBQADggEBAGp4lS+xoaHAoUVoTEqe3h6AJO0ZcYTa2WGUDlx/9Do/i2H3
+dC9yF0pZlR0F+6snyryNfUNG5/MsSoy/S+3JxFVyBFnSD7k0bJDuRSnzhImPa7bw
+DqQcNcyp71mibCkvnMMpfX0/ooxi+vCYWt+67uOP15y8WZXjNOQXR9EI8rI4TpBX
+tQrUKotXcHFYC6qPk0K01bKGJ5PbVB2EDWTujOkWtRU0mQJ1EjJOANpUaHN7HvMS
+39F1CA1UYIqT687wB62pm2CmTOCkwCNcsqdJIqbFMYbi8nc6id1R8r33XV4bkfGf
+wGZWUcmZ/5kKpLKq8Y6tx5cIo5wNleyvsLRgfrI=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
 -----END CERTIFICATE-----
diff --git a/certs/public/mx1.fripost.org.pem b/certs/public/mx1.fripost.org.pem
index 9077133..c34c686 100644
--- a/certs/public/mx1.fripost.org.pem
+++ b/certs/public/mx1.fripost.org.pem
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIGAjCCBOqgAwIBAgISARXQ7SpFB4qRwSLt1oUKpDElMA0GCSqGSIb3DQEBCwUA
+MIIGAjCCBOqgAwIBAgISAVdxQrAs1D5deToPt/kfU4xTMA0GCSqGSIb3DQEBCwUA
 MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMTYwMDIzMDBaFw0x
-NjAzMTUwMDIzMDBaMBoxGDAWBgNVBAMTD214MS5mcmlwb3N0Lm9yZzCCAiIwDQYJ
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAyMjYyMjE3MDBaFw0x
+NjA1MjYyMjE3MDBaMBoxGDAWBgNVBAMTD214MS5mcmlwb3N0Lm9yZzCCAiIwDQYJ
 KoZIhvcNAQEBBQADggIPADCCAgoCggIBAKlhAZFY51Mns5A0IyBXGwxS5tdYQaue
 WU/PobCkl0hwMxPB1OzSYa71etMkFiTOsgspxWQ624T7MHM3JhSdOJUpMBJKNwaz
 dsC4sWT7eRTNiLpmM8PypXnJqJ7kvMzLUZiqRM3vfjJ/znOAb1B+zWIiyVCFFk6j
@@ -25,11 +25,38 @@ KwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIGrBggrBgEFBQcC
 AjCBngyBm1RoaXMgQ2VydGlmaWNhdGUgbWF5IG9ubHkgYmUgcmVsaWVkIHVwb24g
 YnkgUmVseWluZyBQYXJ0aWVzIGFuZCBvbmx5IGluIGFjY29yZGFuY2Ugd2l0aCB0
 aGUgQ2VydGlmaWNhdGUgUG9saWN5IGZvdW5kIGF0IGh0dHBzOi8vbGV0c2VuY3J5
-cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBz9jeaYmoqxSx4
-mf4w6HcKt14vE2tVXuBLcx4BPmK6E7dfUFWw1td9y+252n13BsspKZA2QYDLb6rN
-0F/p0x0JF5AGAijdFyqsEl3N/IJC2bcpt8eyxc+B3phl7Qzl1HnzO/1Y7BNOiGca
-xJ+0dPIGhkhSjzbAj1f3YJyofFcQhHx/r+tOy55O6pxlVRjXLBd1ZtCLRGVGdO2g
-Ecjc+YrYlsiimoHQpizNih1PHzuY/XyHJJeeNGgRPJMYrKrCCiOp/iJUAvOxzCTF
-r27HVf+ZVkFikYllNB0IJB/tNlxj4cOkAXRwLZtN2a7gELTQm9XG5APErq15JK06
-Du+Xy8Mq
+cHQub3JnL3JlcG9zaXRvcnkvMA0GCSqGSIb3DQEBCwUAA4IBAQBgaZ0iplVJvoBr
+mHfBzfZWyINItsauI3uKCBmc7pVau64yJk0KaM+1WkrgTjmUp1cRNFVTLPjlZ0oA
+xNKJpyQGNNCnqQHYl2xA54uZRlBgte7HsZCiqkhiE0wpBYdr/fSNiC71BOb/1pY2
+Iv9/kWZaUeFjK9/2Z04a0qqPmfv48c8XQQV/HyTKnnNtOvCKKZvwh4oTABTaLci0
+bYZt1tHGFOE1DHN6jrO1S3RmBDYNHcLp9MVhGP/M1HRz3b1M8sw+D5u9E0rdKtDM
+f54j4TL75mlMbSIWmwt6nCCkXpnW3olrn/HlWq7yN9oSXUUPkE3ftSUpqWLJCtVw
+e1rSnzvb
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
 -----END CERTIFICATE-----
diff --git a/certs/public/mx2.fripost.org.pem b/certs/public/mx2.fripost.org.pem
index c743fa5..2080ee5 100644
--- a/certs/public/mx2.fripost.org.pem
+++ b/certs/public/mx2.fripost.org.pem
@@ -33,3 +33,30 @@ x+90BDLE9OiNGjPe/a7uTrCi/FJ8ESCHcX+0yiDXMDP/1Kdy0XPUle+gAqJUUM1R
 H0XPnh3lr4k8L/jJeK8tNa3QVnVxPGV5ZDotqQrZKG47nEZgNcXPxxe6otjneZXR
 LQFrwFiZ
 -----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
+-----END CERTIFICATE-----
diff --git a/certs/public/smtp.fripost.org.pem b/certs/public/smtp.fripost.org.pem
index 81a1325..269f4b5 100644
--- a/certs/public/smtp.fripost.org.pem
+++ b/certs/public/smtp.fripost.org.pem
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
-MIIGBDCCBOygAwIBAgISAT/ZlANJISFHRihAoZ7zCz9AMA0GCSqGSIb3DQEBCwUA
+MIIGBDCCBOygAwIBAgISAflSQ5zfHu04ZufVd2qw+vHMMA0GCSqGSIb3DQEBCwUA
 MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNTEyMTYwMDU3MDBaFw0x
-NjAzMTUwMDU3MDBaMBsxGTAXBgNVBAMTEHNtdHAuZnJpcG9zdC5vcmcwggIiMA0G
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTAeFw0xNjAyMjYyMjA0MDBaFw0x
+NjA1MjYyMjA0MDBaMBsxGTAXBgNVBAMTEHNtdHAuZnJpcG9zdC5vcmcwggIiMA0G
 CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC4wO2IiiPCn9SEc7DRhayWqme2Ef31
 /lO2aFamTnUykDxmuKt8QSVbhN9LQ4dcH1n8CLc7pZvQD12bVu8B+ds50sjKlwEr
 rH/0NsQOOdR5zEhMdRZG8f75Nbvyz0NjMRClAXhc3aJKNJ2qcPOx66IbPbvrk+lf
@@ -25,11 +25,38 @@ BggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUF
 BwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBv
 biBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRo
 IHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5j
-cnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAEvepC7eMCHI
-2yHZx3lSg8KJluZxsW0XlCL6BDupcMKxXQ2DAvhd/d+pnxKQVQ+40Y4NUZGTz1w/
-tZA9lKQn14aQ6o31UKuRSm+FB7zCeLBm3uqxevk8NOcrt1kxvdjul5xYv6t5tLpZ
-Dqk0sM+Lg1/qgTj1IuEQ4rc0RUqoCr2WG0HOW0a8tqWOBDKZDja8r82AhjgT7c21
-2Iz2ItsavlgsW6Gx8OX0gRmoaS3AQ+8dcg99uhajkd5ixkJF09zuqa5Rd87sAjmN
-fmqU/Ok3VUZr1DSrnBc2lt+vhCB8Sn9FcS6BDO3eGy4P8Gy6fES51Bb9MgB6bXOr
-TB5QdMpaRG8=
+cnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAGaoBeW0LSkH
+slGZ5nfB6G7ElqQH1Mue9X8IunFmFuOyRn2ceY6/hn2dwniP+jb6oEk3i68zURW4
+jrh9eJJ6+7al9wZEr5jtnQjZCd8+clArBHRBb1y7dmxqcg4lihh27yzH4W51Fv/e
+pxIx709PT0MyRSsOQ4C6qiM5F0bCL2qiOHMA/jy/LA9pbyjmuc+K+9hJKT/EZcOh
+JQ+0xSy9/HHVvaFsoMgLkUn0147Glrqm8RxwyeSVOf/BFcE4KeirfQewa4pRYRD3
+8e15+JLbfJsOEIhT7LVoFFIwaAU4zAHJgl4/JTjKpFQsyuvyuTCHnMPhoc9fS/tv
+Gcwciaov6NE=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB
+BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg
+PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG
+dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1
+gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4
+4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud
+EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy
+BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j
+b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv
+ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH
+AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw
+MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM
+LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3
+pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd
+v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd
+ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW
+ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk
+6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj
+f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=
 -----END CERTIFICATE-----
diff --git a/common.yml b/common.yml
index cdf4372..2a062ee 100644
--- a/common.yml
+++ b/common.yml
@@ -12,30 +12,11 @@
   roles:
     - common
 
-- name: Base system
+- name: Let's Encrypt
   hosts: IMAP:MX:MSA:webmail:lists:wiki:git
   gather_facts: False
-  tasks:
-    - name: Install dependencies for letsencrypt-tiny
-      apt: pkg={{ item }}
-      with_items:
-        - liblwp-protocol-https-perl
-        - socat
-    - name: Copy LetsEncrypt's ACME client
-      copy: src=deb/letsencrypt-tiny_0.1-1_all.deb
-            dest=/tmp
-      notify: Install LetsEncrypt's ACME client
-    - name: Create a user 'letsencrypt'
-      user: name=letsencrypt system=yes
-            group=nogroup
-            createhome=no
-            home=/nonexistent
-            shell=/usr/sbin/nologin
-            password=!
-            state=present
-  handlers:
-    - name: Install LetsEncrypt's ACME client
-      apt: deb=/tmp/letsencrypt-tiny_0.1-1_all.deb
+  roles:
+    - letsencrypt
   tags:
    - letsencrypt
 
diff --git a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
index 114388e..dc0b5bf 100644
--- a/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
+++ b/roles/IMAP/files/etc/dovecot/conf.d/10-ssl.conf
@@ -9,7 +9,7 @@ ssl = required
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert = </etc/dovecot/ssl/imap.fripost.org.chained.pem
+ssl_cert = </etc/dovecot/ssl/imap.fripost.org.pem
 ssl_key = </etc/dovecot/ssl/imap.fripost.org.key
 
 # If key file is password protected, give the password here. Alternatively
diff --git a/roles/MSA/templates/etc/postfix/main.cf.j2 b/roles/MSA/templates/etc/postfix/main.cf.j2
index caba881..24b83c6 100644
--- a/roles/MSA/templates/etc/postfix/main.cf.j2
+++ b/roles/MSA/templates/etc/postfix/main.cf.j2
@@ -75,7 +75,7 @@ smtp_tls_fingerprint_digest     = sha256
 {% endif %}
 
 smtpd_tls_security_level        = encrypt
-smtpd_tls_cert_file             = /etc/postfix/ssl/smtp.fripost.org.chained.pem
+smtpd_tls_cert_file             = /etc/postfix/ssl/smtp.fripost.org.pem
 smtpd_tls_key_file              = /etc/postfix/ssl/smtp.fripost.org.key
 smtpd_tls_dh1024_param_file     = /etc/ssl/private/dhparams.pem
 smtpd_tls_session_cache_database= btree:$data_directory/smtpd_tls_session_cache
diff --git a/roles/MX/templates/etc/postfix/main.cf.j2 b/roles/MX/templates/etc/postfix/main.cf.j2
index 0259538..a9e7ee4 100644
--- a/roles/MX/templates/etc/postfix/main.cf.j2
+++ b/roles/MX/templates/etc/postfix/main.cf.j2
@@ -93,7 +93,7 @@ smtp_tls_fingerprint_digest     = sha256
 
 smtpd_tls_security_level        = may
 smtpd_tls_exclude_ciphers       = EXPORT, LOW, MEDIUM, aNULL, eNULL, DES, RC4, MD5
-smtpd_tls_cert_file             = /etc/postfix/ssl/mx.fripost.org.chained.pem
+smtpd_tls_cert_file             = /etc/postfix/ssl/mx.fripost.org.pem
 smtpd_tls_key_file              = /etc/postfix/ssl/mx.fripost.org.key
 smtpd_tls_dh1024_param_file     = /etc/ssl/private/dhparams.pem
 smtpd_tls_CApath                = /etc/ssl/certs/
diff --git a/roles/git/files/etc/nginx/sites-available/git b/roles/git/files/etc/nginx/sites-available/git
index afb5fca..a78ef3f 100644
--- a/roles/git/files/etc/nginx/sites-available/git
+++ b/roles/git/files/etc/nginx/sites-available/git
@@ -22,7 +22,7 @@ server {
     server_name  git.fripost.org;
 
     include snippets/ssl.conf;
-    ssl_certificate     /etc/nginx/ssl/git.fripost.org.chained.pem;
+    ssl_certificate     /etc/nginx/ssl/git.fripost.org.pem;
     ssl_certificate_key /etc/nginx/ssl/git.fripost.org.key;
 
     access_log /var/log/nginx/git.access.log;
diff --git a/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf b/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf
new file mode 100644
index 0000000..fb19d2a
--- /dev/null
+++ b/roles/letsencrypt/files/etc/letsencrypt-tiny/letsencrypt.conf
@@ -0,0 +1,86 @@
+# For certificate issuance (new-cert command), specify the certificate
+# configuration file to use
+#
+#config-certs = config/letsencrypt-certs.conf
+
+[client]
+# The value of "socket" specifies the letsencrypt-accountd(1)
+# UNIX-domain socket to connect to for signature requests from the ACME
+# client.  letsencrypt aborts if the socket is readable or writable by
+# other users, or if its parent directory is writable by other users.
+# Default: "$XDG_RUNTIME_DIR/S.letsencrypt" if the XDG_RUNTIME_DIR
+# environment variable is set.
+#
+#socket = /run/user/1000/S.letsencrypt
+
+# username to drop privileges to (setting both effective and real uid).
+# Preserve root privileges if the value is empty (not recommended).
+# Default: "nobody".
+#
+user = letsencrypt
+
+# groupname to drop privileges to (setting both effective and real gid,
+# and also setting the list of supplementary gids to that single group).
+# Preserve root privileges if the value is empty (not recommended).
+#
+group = nogroup
+
+# Path to the ACME client executable.
+#command = /usr/lib/letsencrypt-tiny/client
+
+# Root URI of the ACME server.  NOTE: Use the staging server for testing
+# as it has relaxed ratelimit.
+#
+#server = https://acme-v01.api.letsencrypt.org/
+#server = https://acme-staging.api.letsencrypt.org/
+
+# Timeout in seconds after which the client stops polling the ACME
+# server and considers the request failed.
+#
+#timeout = 10
+
+# Whether to verify the server certificate chain.
+SSL_verify = yes
+
+# Specify the version of the SSL protocol used to transmit data.
+SSL_version = SSLv23:!TLSv1_1:!TLSv1:!SSLv3:!SSLv2
+
+# Specify the cipher list for the connection.
+SSL_cipher_list = EECDH+AESGCM:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL
+
+
+[webserver]
+
+# Specify the local address to listen on, in the form ADDRESS[:PORT].
+#
+#listen = 0.0.0.0:80
+#listen = [::]:80
+
+# If a webserver is already running, specify a non-existent directory
+# under which the webserver is configured to serve GET requests for
+# challenge files under "/.well-known/acme-challenge/" (for each virtual
+# hosts requiring authorization) as static files.
+#
+challenge-directory = /var/www/acme-challenge
+
+# username to drop privileges to (setting both effective and real uid).
+# Preserve root privileges if the value is empty (not recommended).
+#
+user = www-data
+
+# groupname to drop privileges to (setting both effective and real gid,
+# and also setting the list of supplementary gids to that single group).
+# Preserve root privileges if the value is empty (not recommended).
+#
+user = www-data
+
+# Path to the ACME webserver executable.
+#command = /usr/lib/letsencrypt-tiny/webserver
+
+# Whether to automatically install iptables(1) rules to open the
+# ADDRESS[:PORT] specified with listen.  Theses rules are automatically
+# removed once letsencrypt exits.
+#
+#iptables = Yes
+
+; vim:ft=dosini
diff --git a/roles/letsencrypt/handlers/main.yml b/roles/letsencrypt/handlers/main.yml
new file mode 100644
index 0000000..d9eed44
--- /dev/null
+++ b/roles/letsencrypt/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: Install LetsEncrypt's ACME client
+  apt: deb=/tmp/letsencrypt-tiny_0.1-1_all.deb
diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml
new file mode 100644
index 0000000..c7ef7ef
--- /dev/null
+++ b/roles/letsencrypt/tasks/main.yml
@@ -0,0 +1,37 @@
+- name: Install dependencies for letsencrypt-tiny
+  apt: pkg={{ item }}
+  with_items:
+    - libjson-perl
+    - libjson-xs-perl
+    - libconfig-tiny-perl
+    - libwww-perl
+    - liblwp-protocol-https-perl
+    - libnet-ssleay-perl
+
+- name: Copy LetsEncrypt's ACME client
+  copy: src=deb/letsencrypt-tiny_0.1-1_all.deb
+        dest=/tmp
+  notify: Install LetsEncrypt's ACME client
+
+- meta: flush_handlers
+
+- name: Create a user 'letsencrypt'
+  user: name=letsencrypt system=yes
+        group=nogroup
+        createhome=no
+        home=/nonexistent
+        shell=/usr/sbin/nologin
+        password=!
+        state=present
+
+- name: Copy letsencrypt-tiny/letsencrypt-certs.conf
+  copy: src=etc/letsencrypt-tiny/letsencrypt.conf
+        dest=/etc/letsencrypt-tiny/letsencrypt.conf
+        owner=root group=root
+        mode=0644
+
+- name: Copy letsencrypt-tiny/letsencrypt-certs.conf
+  template: src=etc/letsencrypt-tiny/letsencrypt-certs.conf.j2
+            dest=/etc/letsencrypt-tiny/letsencrypt-certs.conf
+            owner=root group=root
+            mode=0644
diff --git a/roles/letsencrypt/templates/etc/letsencrypt-tiny/letsencrypt-certs.conf.j2 b/roles/letsencrypt/templates/etc/letsencrypt-tiny/letsencrypt-certs.conf.j2
new file mode 100644
index 0000000..fef5c62
--- /dev/null
+++ b/roles/letsencrypt/templates/etc/letsencrypt-tiny/letsencrypt-certs.conf.j2
@@ -0,0 +1,63 @@
+hash = sha512
+keyusage = digitalSignature, keyEncipherment
+
+{% if 'IMAP' in group_names %}
+[imap]
+certificate-key = /etc/dovecot/ssl/imap.fripost.org.key
+certificate-chain = /etc/dovecot/ssl/imap.fripost.org.pem
+subject = /O=Fripost/CN=imap.fripost.org
+subjectAltName = DNS:imap.fripost.org,DNS:sieve.fripost.org
+notify = /bin/systemctl restart dovecot
+{% endif %}
+
+{% if 'MSA' in group_names %}
+[smtp]
+certificate-key = /etc/postfix/ssl/smtp.fripost.org.key
+certificate-chain = /etc/postfix/ssl/smtp.fripost.org.pem
+subject = /O=Fripost/CN=smtp.fripost.org
+notify = /bin/systemctl restart postfix
+{% endif %}
+
+{% if 'MX' in group_names %}
+[mx]
+certificate-key = /etc/postfix/ssl/mx.fripost.org.key
+certificate-chain = /etc/postfix/ssl/mx.fripost.org.pem
+subject = /O=Fripost/CN=mx{{ mxno }}.fripost.org
+notify = /bin/systemctl restart postfix
+{% endif %}
+
+{% if 'lists' in group_names %}
+[lists]
+certificate-key = /etc/nginx/ssl/lists.fripost.org.key
+certificate-chain = /etc/nginx/ssl/lists.fripost.org.pem
+subject = /O=Fripost/CN=lists.fripost.org
+notify = /bin/systemctl restart nginx
+{% endif %}
+
+{% if 'wiki' in group_names %}
+[www]
+certificate-key = /etc/nginx/ssl/www.fripost.org.key
+certificate-chain = /etc/nginx/ssl/www.fripost.org.pem
+subject = /O=Fripost/CN=fripost.org
+subjectAltName = DNS:fripost.org,DNS:www.fripost.org,DNS:wiki.fripost.org
+notify = /bin/systemctl restart nginx
+{% endif %}
+
+{% if 'webmail' in group_names %}
+[webmail]
+certificate-key = /etc/nginx/ssl/mail.fripost.org.key
+certificate-chain = /etc/nginx/ssl/mail.fripost.org.pem
+subject = /O=Fripost/CN=mail.fripost.org
+subjectAltName = DNS:mail.fripost.org,DNS:webmail.fripost.org
+notify = /bin/systemctl restart nginx
+{% endif %}
+
+{% if 'git' in group_names %}
+[git]
+certificate-key = /etc/nginx/ssl/git.fripost.org.key
+certificate-chain = /etc/nginx/ssl/git.fripost.org.pem
+subject = /O=Fripost/CN=git.fripost.org
+notify = /bin/systemctl restart nginx
+{% endif %}
+
+; vim:ft=dosini
diff --git a/roles/lists/files/etc/nginx/sites-available/sympa b/roles/lists/files/etc/nginx/sites-available/sympa
index 5e469fa..bcf1d22 100644
--- a/roles/lists/files/etc/nginx/sites-available/sympa
+++ b/roles/lists/files/etc/nginx/sites-available/sympa
@@ -25,7 +25,7 @@ server {
     error_log  /var/log/nginx/lists.error.log info;
 
     include snippets/ssl.conf;
-    ssl_certificate     /etc/nginx/ssl/lists.fripost.org.chained.pem;
+    ssl_certificate     /etc/nginx/ssl/lists.fripost.org.pem;
     ssl_certificate_key /etc/nginx/ssl/lists.fripost.org.key;
 
     location = / {
diff --git a/roles/webmail/files/etc/nginx/sites-available/roundcube b/roles/webmail/files/etc/nginx/sites-available/roundcube
index df10be9..304b05d 100644
--- a/roles/webmail/files/etc/nginx/sites-available/roundcube
+++ b/roles/webmail/files/etc/nginx/sites-available/roundcube
@@ -27,7 +27,7 @@ server {
     root         /var/lib/roundcube;
 
     include snippets/ssl.conf;
-    ssl_certificate     /etc/nginx/ssl/mail.fripost.org.chained.pem;
+    ssl_certificate     /etc/nginx/ssl/mail.fripost.org.pem;
     ssl_certificate_key /etc/nginx/ssl/mail.fripost.org.key;
 
     location = /favicon.ico {
diff --git a/roles/wiki/files/etc/nginx/sites-available/website b/roles/wiki/files/etc/nginx/sites-available/website
index 2519286..5d382ec 100644
--- a/roles/wiki/files/etc/nginx/sites-available/website
+++ b/roles/wiki/files/etc/nginx/sites-available/website
@@ -24,7 +24,7 @@ server {
     server_name www.fripost.org;
 
     include snippets/ssl.conf;
-    ssl_certificate     /etc/nginx/ssl/www.fripost.org.chained.pem;
+    ssl_certificate     /etc/nginx/ssl/www.fripost.org.pem;
     ssl_certificate_key /etc/nginx/ssl/www.fripost.org.key;
 
     access_log /var/log/nginx/www.access.log;
diff --git a/roles/wiki/files/etc/nginx/sites-available/wiki b/roles/wiki/files/etc/nginx/sites-available/wiki
index 2855e07..d61ff28 100644
--- a/roles/wiki/files/etc/nginx/sites-available/wiki
+++ b/roles/wiki/files/etc/nginx/sites-available/wiki
@@ -23,7 +23,7 @@ server {
     server_name wiki.fripost.org;
 
     include snippets/ssl.conf;
-    ssl_certificate     /etc/nginx/ssl/www.fripost.org.chained.pem;
+    ssl_certificate     /etc/nginx/ssl/www.fripost.org.pem;
     ssl_certificate_key /etc/nginx/ssl/www.fripost.org.key;
 
     access_log /var/log/nginx/wiki.access.log;
author	Guilhem Moulin <guilhem@fripost.org>	2016-02-27 00:45:50 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2016-03-02 21:38:37 +0100
commit	ed8cf1de7e87ff6496db46f17fb4bcfc90ccf48f (patch)
tree	9bca7dd3fc058ca0470ceefe742d2ae19df94a3e
parent	4a3f204a3d285a377161efb2dbeec73d329e6d1a (diff)