summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xcerts/gencerts.sh8
-rw-r--r--roles/common-web/files/etc/nginx/snippets/ssl.conf4
2 files changed, 6 insertions, 6 deletions
diff --git a/certs/gencerts.sh b/certs/gencerts.sh
index 8164945..181767e 100755
--- a/certs/gencerts.sh
+++ b/certs/gencerts.sh
@@ -22,8 +22,8 @@ x509fpr() {
host="${msg%%,*}"; host="${msg%% *}"
cert="$DIR/${host%%:*}.pem"
spki=$(openssl x509 -noout -pubkey<"$cert" | openssl pkey -pubin -outform DER | openssl dgst -sha1 | sed -nr 's/^[^=]+=\s*//p')
- [ "$typ" = mdwn ] && printf '\n [[%s|https://crt.sh/?spkisha1=%s&iCAID=7395]]\n\n' "$msg" "$spki" \
- || printf ' %s\n X.509: https://crt.sh/?spkisha1=%s&iCAID=7395\n SPKI:\n' "$msg" "$spki"
+ [ "$typ" = mdwn ] && printf '\n [[%s|https://crt.sh/?spkisha1=%s&iCAID=16418]]\n\n' "$msg" "$spki" \
+ || printf ' %s\n X.509: https://crt.sh/?spkisha1=%s&iCAID=16418\n SPKI:\n' "$msg" "$spki"
for h in sha1 sha256; do
[ "$typ" = mdwn ] || echo -n ' '
echo -n "$h" | tr '[a-z]' '[A-Z]'
@@ -106,7 +106,7 @@ These certificates are all issued by the Let's Encrypt Certificate
Authority, and are submitted to Certificate Transparency logs. You can
view all issued Let's Encrypt certificates at crt.sh:
- https://crt.sh/?Identity=%25fripost.org&iCAID=7395
+ https://crt.sh/?Identity=%25fripost.org&iCAID=16418
Our X.509 certificates are also available in PEM format at:
@@ -136,7 +136,7 @@ These certificates are all issued by the [[Let's Encrypt Certificate
Authority|https://letsencrypt.org]], and are submitted to [[Certificate
Transparency logs|https://www.certificate-transparency.org]].
You can view all issued Let's Encrypt certificates at
-[[crt.sh|https://crt.sh/?Identity=%25fripost.org&iCAID=7395]].
+[[crt.sh|https://crt.sh/?Identity=%25fripost.org&iCAID=16418]].
Our X.509 certificates are also available in PEM format under our
[[Git repository|$VCS_BROWSER/tree/certs/public]],
from which this fingerprint list was [[generated|$VCS_BROWSER/tree/certs/gencerts.sh]], at
diff --git a/roles/common-web/files/etc/nginx/snippets/ssl.conf b/roles/common-web/files/etc/nginx/snippets/ssl.conf
index 0f989b8..1403846 100644
--- a/roles/common-web/files/etc/nginx/snippets/ssl.conf
+++ b/roles/common-web/files/etc/nginx/snippets/ssl.conf
@@ -2,7 +2,7 @@
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1k&hsts=yes&profile=intermediate
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
-# ~$ cat /etc/nginx/ssl/srvcert.pem /usr/share/letsencrypt-tiny/lets-encrypt-x1-cross-signed.pem | sudo tee /etc/nginx/ssl/srvcert.chained.pem
+# ~$ cat /etc/nginx/ssl/srvcert.pem /usr/share/letsencrypt-tiny/lets-encrypt-x3-cross-signed.pem | sudo tee /etc/nginx/ssl/srvcert.chained.pem
ssl on;
@@ -27,4 +27,4 @@ ssl_stapling on;
ssl_stapling_verify on;
# verify chain of trust of OCSP response using Root CA and Intermediate certs
-ssl_trusted_certificate /usr/share/letsencrypt-tiny/lets-encrypt-x1-cross-signed.pem;
+ssl_trusted_certificate /usr/share/letsencrypt-tiny/lets-encrypt-x3-cross-signed.pem;