diff options
author | Guilhem Moulin <guilhem@fripost.org> | 2021-01-07 22:15:52 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2021-01-07 22:21:29 +0100 |
commit | fce1b61689627277247c71ddf8bc9543317f9ce4 (patch) | |
tree | c9a3d63f00e42de76f65b14de6200a004f76ccd4 /certs | |
parent | 5fd32087516232825b690e60c1d5f7633d7c76f2 (diff) |
certs/gencerts.sh: Don't hard-code the intermediate CA.
Since mid December Let's Encrypt has been using /C=US/O=Let's
Encrypt/CN=R3 (CAID #183267) instead of the old /C=US/O=Let's
Encrypt/CN=Let's Encrypt Authority X3 (CAID #16418).
Diffstat (limited to 'certs')
-rwxr-xr-x | certs/gencerts.sh | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/certs/gencerts.sh b/certs/gencerts.sh index b796339..1905dfd 100755 --- a/certs/gencerts.sh +++ b/certs/gencerts.sh @@ -26,8 +26,8 @@ x509fpr() { host="${msg%%,*}"; host="${host%% *}"; host="${host#\`}" pub="$DIR/${host%%:*}.pub" spki=$(openssl pkey -pubin -outform DER <"$pub" | openssl dgst -sha256 | sed -nr 's/^[^=]+=\s*//p') - [ "$typ" = mdwn ] && printf '\n[%s](https://crt.sh/?spkisha256=%s&iCAID=16418&exclude=expired)\n\n' "$msg" "$spki" \ - || printf '\n%s\n\n: X.509: https://crt.sh/?spkisha256=%s&iCAID=16418&exclude=expired\n SPKI:\n' \ + [ "$typ" = mdwn ] && printf '\n[%s](https://crt.sh/?spkisha256=%s&exclude=expired)\n\n' "$msg" "$spki" \ + || printf '\n%s\n\n: X.509: https://crt.sh/?spkisha256=%s&exclude=expired\n SPKI:\n' \ "$(printf '%s' "$msg" | tr -d '`' )" "$spki" [ "$typ" = mdwn ] && indent=":${indent#?}" for h in sha1 sha256; do @@ -124,10 +124,10 @@ admin@fripost.org These certificates are all issued by the Let's Encrypt Certificate -Authority, and are submitted to Certificate Transparency logs. You can -view all issued Let's Encrypt certificates at crt.sh: +Authority, and are submitted to Certificate Transparency logs. You can +view all issued certificates at crt.sh: - https://crt.sh/?Identity=%25fripost.org&iCAID=16418 + https://crt.sh/?Identity=fripost.org The SPKI of our X.509 certificates are also available in PEM format at: @@ -155,8 +155,8 @@ the [signed version of this page](/certs.asc).) These certificates are all issued by the [Let's Encrypt Certificate Authority](https://letsencrypt.org), and are submitted to [Certificate Transparency logs](https://www.certificate-transparency.org). -You can view all issued Let's Encrypt certificates at -[crt.sh](https://crt.sh/?Identity=%25fripost.org&iCAID=16418). +You can view all issued certificates at +[crt.sh](https://crt.sh/?Identity=%25fripost.org). The SPKI of our X.509 certificates are also available in PEM format under our [Git repository]($VCS_BROWSER/tree/certs/public), from which this fingerprint list was [generated]($VCS_BROWSER/tree/certs/gencerts.sh), at |