summaryrefslogtreecommitdiffstats
path: root/certs
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2021-01-07 22:15:52 +0100
committerGuilhem Moulin <guilhem@fripost.org>2021-01-07 22:21:29 +0100
commitfce1b61689627277247c71ddf8bc9543317f9ce4 (patch)
treec9a3d63f00e42de76f65b14de6200a004f76ccd4 /certs
parent5fd32087516232825b690e60c1d5f7633d7c76f2 (diff)
certs/gencerts.sh: Don't hard-code the intermediate CA.
Since mid December Let's Encrypt has been using /C=US/O=Let's Encrypt/CN=R3 (CAID #183267) instead of the old /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3 (CAID #16418).
Diffstat (limited to 'certs')
-rwxr-xr-xcerts/gencerts.sh14
1 files changed, 7 insertions, 7 deletions
diff --git a/certs/gencerts.sh b/certs/gencerts.sh
index b796339..1905dfd 100755
--- a/certs/gencerts.sh
+++ b/certs/gencerts.sh
@@ -26,8 +26,8 @@ x509fpr() {
host="${msg%%,*}"; host="${host%% *}"; host="${host#\`}"
pub="$DIR/${host%%:*}.pub"
spki=$(openssl pkey -pubin -outform DER <"$pub" | openssl dgst -sha256 | sed -nr 's/^[^=]+=\s*//p')
- [ "$typ" = mdwn ] && printf '\n[%s](https://crt.sh/?spkisha256=%s&iCAID=16418&exclude=expired)\n\n' "$msg" "$spki" \
- || printf '\n%s\n\n: X.509: https://crt.sh/?spkisha256=%s&iCAID=16418&exclude=expired\n SPKI:\n' \
+ [ "$typ" = mdwn ] && printf '\n[%s](https://crt.sh/?spkisha256=%s&exclude=expired)\n\n' "$msg" "$spki" \
+ || printf '\n%s\n\n: X.509: https://crt.sh/?spkisha256=%s&exclude=expired\n SPKI:\n' \
"$(printf '%s' "$msg" | tr -d '`' )" "$spki"
[ "$typ" = mdwn ] && indent=":${indent#?}"
for h in sha1 sha256; do
@@ -124,10 +124,10 @@ admin@fripost.org
These certificates are all issued by the Let's Encrypt Certificate
-Authority, and are submitted to Certificate Transparency logs. You can
-view all issued Let's Encrypt certificates at crt.sh:
+Authority, and are submitted to Certificate Transparency logs. You can
+view all issued certificates at crt.sh:
- https://crt.sh/?Identity=%25fripost.org&iCAID=16418
+ https://crt.sh/?Identity=fripost.org
The SPKI of our X.509 certificates are also available in PEM format at:
@@ -155,8 +155,8 @@ the [signed version of this page](/certs.asc).)
These certificates are all issued by the [Let's Encrypt Certificate
Authority](https://letsencrypt.org), and are submitted to [Certificate
Transparency logs](https://www.certificate-transparency.org).
-You can view all issued Let's Encrypt certificates at
-[crt.sh](https://crt.sh/?Identity=%25fripost.org&iCAID=16418).
+You can view all issued certificates at
+[crt.sh](https://crt.sh/?Identity=%25fripost.org).
The SPKI of our X.509 certificates are also available in PEM format
under our [Git repository]($VCS_BROWSER/tree/certs/public),
from which this fingerprint list was [generated]($VCS_BROWSER/tree/certs/gencerts.sh), at