From f84716c064312dd9dc0d149f0ec7a12f5c88c3af Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 26 Apr 2023 17:41:24 +0200 Subject: tests/account-encrypted-*: Set TERM="linux". --- tests/account-encrypted-gpg | 2 +- tests/account-encrypted-openssl | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/account-encrypted-gpg b/tests/account-encrypted-gpg index fd1e4ac..7cb978d 100644 --- a/tests/account-encrypted-gpg +++ b/tests/account-encrypted-gpg @@ -9,7 +9,7 @@ keyid="$(gpg --list-secret-key --with-colons | grep -m1 ^fpr: | cut -sd: -f10)" gpg --encrypt -r "$keyid" /etc/lacme/account.key sed -ri '0,\|^#?privkey\s*=.*| {s||privkey = gpg:/etc/lacme/account.key.gpg|}' /etc/lacme/lacme-accountd.conf -export GPG_TTY="$(tty)" +export GPG_TTY="$(tty)" TERM="linux" lacme account # vim: set filetype=sh : diff --git a/tests/account-encrypted-openssl b/tests/account-encrypted-openssl index e79a528..a3ad707 100644 --- a/tests/account-encrypted-openssl +++ b/tests/account-encrypted-openssl @@ -5,6 +5,7 @@ PASSPHRASE="test" openssl rsa -aes128 -passout pass:"$PASSPHRASE" /etc/lacme/account.enc.key sed -ri '0,\|^#?privkey\s*=.*| {s||privkey = file:/etc/lacme/account.enc.key|}' /etc/lacme/lacme-accountd.conf +export TERM="linux" lacme account # vim: set filetype=sh : -- cgit v1.2.3 From 3be911f0cf34dd8048d9ddf084950f964d4cd3dd Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 26 Apr 2023 17:41:56 +0200 Subject: test: Fix test name in error messages. --- test | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test b/test index 5200974..1606151 100755 --- a/test +++ b/test @@ -67,7 +67,7 @@ else if [ -f "tests/$t" ]; then TESTS+=( "$t" ) else - echo "Error: '$1': no such test" >&2 + echo "Error: '$t': no such test" >&2 exit 1 fi done -- cgit v1.2.3 From a41444b8b1fe5349a4a33c45f1e96036845609bb Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 13 Jun 2024 03:33:11 +0200 Subject: t/cert-install: Ensure the subjectName is lowercase. Domain names are case insensitive so it shouldn't matter, but Let's Encrypt (staging) ACME server fails with 400 Bad Request (Invalid identifiers requested :: Cannot issue for "YXJCTT7S6K2RQLVO.lacme-test.guilhem.org": Domain name contains an invalid character) if the sub-domain part of the subjectName is left all-caps. --- tests/cert-install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cert-install b/tests/cert-install index 4b3e820..4182790 100644 --- a/tests/cert-install +++ b/tests/cert-install @@ -30,7 +30,7 @@ grepstderr -Fxq "[bad3] Warning: Couldn't generate CSR, skipping" # 'certificate' installs only the leaf certificate openssl genpkey -algorithm RSA -out /etc/lacme/test1.key -subject="/CN=$(head -c10 /dev/urandom | base32 -w0).$DOMAINNAME" +subject="/CN=$(head -c10 /dev/urandom | base32 -w0 | tr "A-Z" "a-z").$DOMAINNAME" cat >"/etc/lacme/lacme-certs.conf.d/test1.conf" <<- EOF [test1] certificate-key = /etc/lacme/test1.key -- cgit v1.2.3 From 568656b1fcb60d451b4a5313876ef0b96ae8bbfd Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 13 Jun 2024 14:30:30 +0200 Subject: t/cert-extensions: Fix tr(1) range syntax. --- tests/cert-extensions | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/cert-extensions b/tests/cert-extensions index a397ee5..bc40298 100644 --- a/tests/cert-extensions +++ b/tests/cert-extensions @@ -10,7 +10,7 @@ x509_check() { # default settings (the ACME server adds a subjectAltName with the Common Name) openssl genpkey -algorithm RSA -out /etc/lacme/test1.key -commonName="$(head -c10 /dev/urandom | base32 -w0 | tr "[A-Z]" "[a-z]").$DOMAINNAME" +commonName="$(head -c10 /dev/urandom | base32 -w0 | tr "A-Z" "a-z").$DOMAINNAME" cat >"/etc/lacme/lacme-certs.conf.d/test1.conf" <<- EOF [test1] certificate-key = /etc/lacme/test1.key @@ -34,10 +34,10 @@ EOF # subjectAltName openssl genpkey -algorithm RSA -out /etc/lacme/test2.key -commonName="$(head -c10 /dev/urandom | base32 -w0 | tr "[A-Z]" "[a-z]").$DOMAINNAME" +commonName="$(head -c10 /dev/urandom | base32 -w0 | tr "A-Z" "a-z").$DOMAINNAME" subjectAltName="" for i in $(seq 1 8); do - subjectAltName="${subjectAltName:+"$subjectAltName "}$(head -c10 /dev/urandom | base32 -w0 | tr "[A-Z]" "[a-z]").$DOMAINNAME" + subjectAltName="${subjectAltName:+"$subjectAltName "}$(head -c10 /dev/urandom | base32 -w0 | tr "A-Z" "a-z").$DOMAINNAME" done cat >"/etc/lacme/lacme-certs.conf.d/test2.conf" <<- EOF [test2] @@ -63,7 +63,7 @@ EOF # tlsfeature openssl genpkey -algorithm RSA -out /etc/lacme/test3.key -commonName="$(head -c10 /dev/urandom | base32 -w0 | tr "[A-Z]" "[a-z]").$DOMAINNAME" +commonName="$(head -c10 /dev/urandom | base32 -w0 | tr "A-Z" "a-z").$DOMAINNAME" cat >"/etc/lacme/lacme-certs.conf.d/test3.conf" <<- EOF [test3] certificate-key = /etc/lacme/test3.key -- cgit v1.2.3 From bf4d2d13ffcd894c6e7765dbd366f1163c69c9e1 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 13 Jun 2024 03:33:20 +0200 Subject: Pass `-in /dev/stdin` option to openssl(1) to avoid warning with recent versions. OpenSSL 3.2 from Debian sid spews Warning: Reading certificate from stdin since no -in or -new option is given without an explicit `-in /dev/stdin`. --- lacme | 14 +++++++------- tests/account-encrypted-openssl | 2 +- tests/cert-extensions | 2 +- tests/cert-install | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/lacme b/lacme index 6284c66..19d78a9 100755 --- a/lacme +++ b/lacme @@ -184,7 +184,7 @@ sub gen_csr(%) { push @args, "-$args{hash}" if defined $args{hash}; push @args, '-subj', $args{subject}, '-config', $config->filename(), qw/-reqexts v3_req/; - open my $fh, '-|', qw/openssl req -outform DER/, @args or die "fork: $!"; + open my $fh, '-|', qw{openssl req -outform DER}, @args or die "fork: $!"; my $csr = do { local $/ = undef; <$fh> }; close $fh or $! ? die "close: $!" : return; @@ -195,7 +195,7 @@ sub gen_csr(%) { unless ($pid) { open STDIN, '<&', $rd or die "dup: $!"; open STDOUT, '>&', \*STDERR or die "dup: $!"; - exec qw/openssl req -noout -text -inform DER/ or die; + exec qw{openssl req -in /dev/stdin -inform DER -noout -text} or die; } $rd->close() or die "close: $!"; $wd->print($csr); @@ -842,8 +842,8 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') { # XXX would be nice to use X509_get_X509_PUBKEY and X509_REQ_get_X509_PUBKEY here, # or EVP_PKEY_cmp(), but unfortunately Net::SSLeay 1.88 doesn't support these my ($cert_pubkey, $csr_pubkey); - spawn({in => $cert, out => \$cert_pubkey}, qw/openssl x509 -inform PEM -noout -pubkey/); - spawn({in => $csr, out => \$csr_pubkey }, qw/openssl req -inform DER -noout -pubkey/); + spawn({in => $cert, out => \$cert_pubkey}, qw{openssl x509 -in /dev/stdin -inform PEM -noout -pubkey}); + spawn({in => $csr, out => \$csr_pubkey }, qw{openssl req -in /dev/stdin -inform DER -noout -pubkey}); unless (defined $cert_pubkey and defined $csr_pubkey and $cert_pubkey eq $csr_pubkey) { print STDERR "[$s] Error: Received bogus X.509 certificate from ACME server!\n"; $rv = 1; @@ -878,7 +878,7 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') { } my @certopts = join ',', qw/no_header no_version no_pubkey no_sigdump/; - open my $fh, '|-', qw/openssl x509 -noout -fingerprint -sha256 -text -certopt/, @certopts + open my $fh, '|-', qw{openssl x509 -in /dev/stdin -noout -fingerprint -sha256 -text -certopt}, @certopts or die "fork: $!"; print $fh $cert; close $fh or die $! ? @@ -909,14 +909,14 @@ elsif ($COMMAND eq 'revokeCert' or $COMMAND eq 'revoke-cert') { print STDERR "Revoking $filename\n"; # conversion PEM -> DER - open my $fh, '-|', qw/openssl x509 -outform DER -in/, $filename or die "fork: $!"; + open my $fh, '-|', qw{openssl x509 -in}, $filename, qw{-outform DER} or die "fork: $!"; my $der = do { local $/ = undef; <$fh> }; close $fh or die $! ? "close: $!" : "Error: x509(1ssl) exited with value ".($? >> 8)."\n"; my @certopts = join ',', qw/no_header no_version no_pubkey no_sigdump no_extensions/; - open my $fh2, '|-', qw/openssl x509 -inform DER -noout -fingerprint -sha256 -text -certopt/, @certopts + open my $fh2, '|-', qw{openssl x509 -in /dev/stdin -inform DER -noout -fingerprint -sha256 -text -certopt}, @certopts or die "fork: $!"; print $fh2 $der; close $fh2 or die $! ? diff --git a/tests/account-encrypted-openssl b/tests/account-encrypted-openssl index a3ad707..1f97fd0 100644 --- a/tests/account-encrypted-openssl +++ b/tests/account-encrypted-openssl @@ -2,7 +2,7 @@ PASSPHRASE="test" -openssl rsa -aes128 -passout pass:"$PASSPHRASE" /etc/lacme/account.enc.key +openssl rsa -in /etc/lacme/account.key -out /etc/lacme/account.enc.key -aes128 -passout pass:"$PASSPHRASE" sed -ri '0,\|^#?privkey\s*=.*| {s||privkey = file:/etc/lacme/account.enc.key|}' /etc/lacme/lacme-accountd.conf export TERM="linux" diff --git a/tests/cert-extensions b/tests/cert-extensions index bc40298..d7e7855 100644 --- a/tests/cert-extensions +++ b/tests/cert-extensions @@ -4,7 +4,7 @@ x509_check() { local cert="$1" ext out out="$(mktemp --tmpdir)" ext="basicConstraints,subjectAltName,keyUsage,extendedKeyUsage,tlsfeature" - openssl x509 -noout -subject -ext "$ext" -nameopt compat <"$cert" >"$out" + openssl x509 -in "$cert" -noout -subject -ext "$ext" -nameopt compat >"$out" diff --unified --color=auto -b --label="a/${cert#/}" --label="b/${cert#/}" -- - "$out" } diff --git a/tests/cert-install b/tests/cert-install index 4182790..e24fe34 100644 --- a/tests/cert-install +++ b/tests/cert-install @@ -46,9 +46,9 @@ diff --unified /etc/lacme/test1.crt /etc/lacme/test1.pem check_hash() { local p1="$1" p2 s1 s2 - s1="$(openssl x509 -noout -hash <"$p1")" + s1="$(openssl x509 -in "$p1" -noout -hash)" for p2 in /usr/share/lacme/ca-certificates.pem.*; do - s2="$(openssl x509 -noout -hash <"$p2")" + s2="$(openssl x509 -in "$p2" -noout -hash)" if [ "$s1" = "$s2" ]; then return 0 fi -- cgit v1.2.3 From 9cb882a468843bf8ce9598de8769d5baaaaae3ea Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 13 Jun 2024 03:32:04 +0200 Subject: Fix post-issuance validation logic. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Rather than adding intermediates in the certificate bundle we now validate the leaf certificate with intermediates as untrusted (used for chain building only). Only the root certificates are used as trust anchor. Not pining intermediate certificates anymore is in line with Let's Encrypt's latest recommendations: Rotating the set of intermediates we issue from helps keep the Internet agile and more secure. It encourages automation and efficiency, and discourages outdated practices like key pinning. “Key Pinning” is a practice in which clients — either ACME clients getting certificates for their site, or apps connecting to their own backend servers — decide to trust only a single issuing intermediate certificate rather than delegating trust to the system trust store. Updating pinned keys is a manual process, which leads to an increased risk of errors and potential business continuity failures. — https://letsencrypt.org/2024/03/19/new-intermediate-certificates: --- Makefile | 8 ++---- lacme | 26 +++++++++++++---- tests/cert-install | 82 +++++++++++++++++++++++++++++++++++------------------- 3 files changed, 76 insertions(+), 40 deletions(-) diff --git a/Makefile b/Makefile index 10e55c5..cb2f4ed 100644 --- a/Makefile +++ b/Makefile @@ -16,17 +16,13 @@ $(MANUAL_FILES): $(BUILDDIR)/%: $(BUILDDIR)/%.md # used for validation, see https://letsencrypt.org/certificates/ $(BUILDDIR)/certs/ca-certificates.crt: \ certs/isrgrootx1.pem \ - certs/isrg-root-x2.pem \ - certs/lets-encrypt-r[34].pem \ - certs/lets-encrypt-e[12].pem + certs/isrg-root-x2.pem mkdir -pv -- $(@D) cat -- $^ >$@ # Staging Environment for tests, see https://letsencrypt.org/docs/staging-environment/ $(BUILDDIR)/certs-staging/ca-certificates.crt: \ - certs-staging/letsencrypt-stg-root-x[12].pem \ - certs-staging/letsencrypt-stg-int-r[34].pem \ - certs-staging/letsencrypt-stg-int-e[12].pem + certs-staging/letsencrypt-stg-root-x[12].pem mkdir -pv -- $(@D) cat -- $^ >$@ diff --git a/lacme b/lacme index 19d78a9..b167f9b 100755 --- a/lacme +++ b/lacme @@ -822,21 +822,31 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') { next; } - my $cert; + my @chain; eval { my $mem = Net::SSLeay::BIO_s_mem() or die; my $bio = Net::SSLeay::BIO_new($mem) or die; die "incomplete write" unless Net::SSLeay::BIO_write($bio, $chain) == length($chain); - my $x509 = Net::SSLeay::PEM_read_bio_X509($bio); - $cert = Net::SSLeay::PEM_get_string_X509($x509); + + my $sk_x509_info = Net::SSLeay::PEM_X509_INFO_read_bio($bio); + + my $n = Net::SSLeay::sk_X509_INFO_num($sk_x509_info); + for (my $i = 0; $i < $n; $i++) { + my $x509_info = Net::SSLeay::sk_X509_INFO_value($sk_x509_info, $i); + my $x509 = Net::SSLeay::P_X509_INFO_get_x509($x509_info); + my $cert = Net::SSLeay::PEM_get_string_X509($x509); + push @chain, $cert; + } + Net::SSLeay::BIO_free($bio) or die; }; - if ($@) { + if ($@ or !@chain) { print STDERR "[$s] Error: Received bogus X.509 certificate from ACME server!\n"; $rv = 1; next; } + my $cert = shift @chain; # leave only the intermediate in @chain # extract pubkeys from CSR and cert, and ensure they match # XXX would be nice to use X509_get_X509_PUBKEY and X509_REQ_get_X509_PUBKEY here, @@ -852,9 +862,15 @@ elsif ($COMMAND eq 'newOrder' or $COMMAND eq 'new-cert') { # verify certificate validity against the CA bundle if ((my $CAfile = $conf->{CAfile} // '@@datadir@@/lacme/ca-certificates.crt') ne '') { + my $chain_tmp = File::Temp::->new(SUFFIX => '.crt', TMPDIR => 1) // die; + $chain_tmp->say($_) foreach @chain; + $chain_tmp->flush(); + my %args = (in => $cert); $args{out} = \*STDERR if $OPTS{debug}; - my @options = ('-trusted', $CAfile, '-purpose', 'sslserver', '-x509_strict'); + my @options = ('-trusted', $CAfile); + push @options, '-untrusted', $chain_tmp->filename() if @chain; + push @options, ('-purpose', 'sslserver', '-x509_strict'); push @options, '-show_chain' if $OPTS{debug}; if (spawn(\%args, 'openssl', 'verify', @options)) { print STDERR "[$s] Error: Received invalid X.509 certificate from ACME server!\n"; diff --git a/tests/cert-install b/tests/cert-install index e24fe34..279309f 100644 --- a/tests/cert-install +++ b/tests/cert-install @@ -28,6 +28,55 @@ EOF grepstderr -Fxq "[bad3] Warning: Couldn't generate CSR, skipping" +check_spki() { + local p1="$1" p2="$2" s1 s2 + s1="$(openssl x509 -in "$p1" -noout -pubkey \ + | openssl pkey -pubin -outform DER \ + | openssl dgst -sha256 \ + | sed 's/.*=\s*//')" + s2="$(openssl pkey -in "$p2" -pubout -outform DER \ + | openssl dgst -sha256 \ + | sed 's/.*=\s*//')" + if [ -n "$s1" ] && [ "$s1" = "$s2" ]; then + return 0 + else + printf "%s != %s\\n" "$s1" "$s2" >&2 + return 1 + fi +} +check_chain() { + local priv="$1" chain="$2" leaf="${3-}" pem0 + + csplit -f "${chain%.crt}.chain.pem" "$chain" \ + "/-----BEGIN CERTIFICATE-----/" "{*}" + + pem0="${chain%.crt}.chain.pem00" + if [ ! -s "$pem0" ]; then + # 00 is empty, leaf cert is at 01 + rm -f -- "$pem0" + pem0="${chain%.crt}.chain.pem01" + fi + test -s "$pem0" || return 1 + check_spki "$pem0" "$priv" + + if [ -n "$leaf" ]; then + diff --ignore-blank-lines --unified "$pem0" "$leaf" || return 1 + fi + + leaf="${chain%.crt}.leaf.pem" + mv -T -- "$pem0" "$leaf" + + intermediates="${chain%.crt}.intermediates.pem" + sed "/^$/d" "${chain%.crt}.chain.pem"[0-9]* >"$intermediates" + test -s "$intermediates" || return 1 # ensure there is at least one intermediate + + openssl verify -trusted /usr/share/lacme/ca-certificates.crt \ + -untrusted "$intermediates" \ + -purpose sslserver -x509_strict \ + -show_chain \ + -- "$leaf" || return 1 +} + # 'certificate' installs only the leaf certificate openssl genpkey -algorithm RSA -out /etc/lacme/test1.key subject="/CN=$(head -c10 /dev/urandom | base32 -w0 | tr "A-Z" "a-z").$DOMAINNAME" @@ -42,23 +91,9 @@ lacme newOrder test1 2>"$STDERR" || fail newOrder test1 test /etc/lacme/test1.crt -nt /etc/lacme/test1.key sed -n "0,/^-----END CERTIFICATE-----$/ p" /etc/lacme/test1.crt >/etc/lacme/test1.pem diff --unified /etc/lacme/test1.crt /etc/lacme/test1.pem +check_spki /etc/lacme/test1.crt /etc/lacme/test1.key -check_hash() { - local p1="$1" p2 s1 s2 - s1="$(openssl x509 -in "$p1" -noout -hash)" - for p2 in /usr/share/lacme/ca-certificates.pem.*; do - s2="$(openssl x509 -in "$p2" -noout -hash)" - if [ "$s1" = "$s2" ]; then - return 0 - fi - done - return 1 -} -csplit -f /usr/share/lacme/ca-certificates.pem. /usr/share/lacme/ca-certificates.crt \ - "/-----BEGIN CERTIFICATE-----/" "{*}" -rm -f /usr/share/lacme/ca-certificates.pem.00 - # 'certificate-chain' appends the chain of trust openssl genpkey -algorithm RSA -out /etc/lacme/test2.key cat >"/etc/lacme/lacme-certs.conf.d/test2.conf" <<- EOF @@ -70,16 +105,7 @@ EOF lacme newOrder test2 2>"$STDERR" || fail newOrder test2 test /etc/lacme/test2.crt -nt /etc/lacme/test2.key -csplit -f /etc/lacme/test2.chain.pem /etc/lacme/test2.crt \ - "/-----BEGIN CERTIFICATE-----/" "{*}" -test -s /etc/lacme/test2.chain.pem01 # leaf cert (00 is empty) -rm -f /etc/lacme/test2.chain.pem0[01] -test -s /etc/lacme/test2.chain.pem02 # depth 1 - -# all certificates at depth >=1 must be in our CA bundle -for p in /etc/lacme/test2.chain.pem*; do - check_hash "$p" -done +check_chain /etc/lacme/test2.key /etc/lacme/test2.crt # 'certificate' + 'certificate-chain' openssl genpkey -algorithm RSA -out /etc/lacme/test3.key @@ -94,10 +120,8 @@ EOF lacme newOrder test3 2>"$STDERR" || fail newOrder test3 test /etc/lacme/test3.pem -nt /etc/lacme/test3.key test /etc/lacme/test3.crt -nt /etc/lacme/test3.key -csplit -f /etc/lacme/test3.chain.pem /etc/lacme/test3.crt \ - "/-----BEGIN CERTIFICATE-----/" "{*}" -sed -i "/^$/d" /etc/lacme/test3.chain.pem* -diff -q /etc/lacme/test3.chain.pem01 /etc/lacme/test3.pem +check_chain /etc/lacme/test3.key /etc/lacme/test3.crt /etc/lacme/test3.pem + st="$(stat -c "%U:%G %#a" /etc/lacme/test3.pem)" [ "$st" = "root:root 0644" ] st="$(stat -c "%U:%G %#a" /etc/lacme/test3.crt)" -- cgit v1.2.3 From 83f4cabd85c240cd0f13fdd4c88266648eb0a90c Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 13 Jun 2024 14:47:08 +0200 Subject: certs/*, cert-staging/*: Remove intermediate and expired certificates. Only the root certificates are now used as trust anchor. --- certs-staging/letsencrypt-stg-int-e1.pem | 19 ------------------- certs-staging/letsencrypt-stg-int-e2.pem | 19 ------------------- certs-staging/letsencrypt-stg-int-r3.pem | 31 ------------------------------- certs-staging/letsencrypt-stg-int-r4.pem | 31 ------------------------------- certs/lets-encrypt-e1.pem | 17 ----------------- certs/lets-encrypt-e2.pem | 17 ----------------- certs/lets-encrypt-r3-cross-signed.pem | 26 -------------------------- certs/lets-encrypt-r3.pem | 30 ------------------------------ certs/lets-encrypt-r4-cross-signed.pem | 26 -------------------------- certs/lets-encrypt-r4.pem | 30 ------------------------------ certs/lets-encrypt-x1-cross-signed.pem | 27 --------------------------- certs/lets-encrypt-x2-cross-signed.pem | 27 --------------------------- certs/lets-encrypt-x3-cross-signed.pem | 27 --------------------------- certs/lets-encrypt-x4-cross-signed.pem | 27 --------------------------- certs/letsencryptauthorityx1.pem | 32 -------------------------------- certs/letsencryptauthorityx2.pem | 32 -------------------------------- certs/letsencryptauthorityx3.pem | 32 -------------------------------- certs/letsencryptauthorityx4.pem | 32 -------------------------------- 18 files changed, 482 deletions(-) delete mode 100644 certs-staging/letsencrypt-stg-int-e1.pem delete mode 100644 certs-staging/letsencrypt-stg-int-e2.pem delete mode 100644 certs-staging/letsencrypt-stg-int-r3.pem delete mode 100644 certs-staging/letsencrypt-stg-int-r4.pem delete mode 100644 certs/lets-encrypt-e1.pem delete mode 100644 certs/lets-encrypt-e2.pem delete mode 100644 certs/lets-encrypt-r3-cross-signed.pem delete mode 100644 certs/lets-encrypt-r3.pem delete mode 100644 certs/lets-encrypt-r4-cross-signed.pem delete mode 100644 certs/lets-encrypt-r4.pem delete mode 100644 certs/lets-encrypt-x1-cross-signed.pem delete mode 100644 certs/lets-encrypt-x2-cross-signed.pem delete mode 100644 certs/lets-encrypt-x3-cross-signed.pem delete mode 100644 certs/lets-encrypt-x4-cross-signed.pem delete mode 100644 certs/letsencryptauthorityx1.pem delete mode 100644 certs/letsencryptauthorityx2.pem delete mode 100644 certs/letsencryptauthorityx3.pem delete mode 100644 certs/letsencryptauthorityx4.pem diff --git a/certs-staging/letsencrypt-stg-int-e1.pem b/certs-staging/letsencrypt-stg-int-e1.pem deleted file mode 100644 index 2d6290c..0000000 --- a/certs-staging/letsencrypt-stg-int-e1.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDCzCCApGgAwIBAgIRALRY4992FVxZJKOJ3bpffWIwCgYIKoZIzj0EAwMwaDEL -MAkGA1UEBhMCVVMxMzAxBgNVBAoTKihTVEFHSU5HKSBJbnRlcm5ldCBTZWN1cml0 -eSBSZXNlYXJjaCBHcm91cDEkMCIGA1UEAxMbKFNUQUdJTkcpIEJvZ3VzIEJyb2Nj -b2xpIFgyMB4XDTIwMDkwNDAwMDAwMFoXDTI1MDkxNTE2MDAwMFowVTELMAkGA1UE -BhMCVVMxIDAeBgNVBAoTFyhTVEFHSU5HKSBMZXQncyBFbmNyeXB0MSQwIgYDVQQD -ExsoU1RBR0lORykgRXJzYXR6IEVkYW1hbWUgRTEwdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAAT9v/PJUtHOTk28nXCXrpP665vI4Z094h8o7R+5E6yNajZa0UubqjpZFoGq -u785/vGXj6mdfIzc9boITGusZCSWeMj5ySMZGZkS+VSvf8VQqj+3YdEu4PLZEjBA -ivRFpEejggEQMIIBDDAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUH -AwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFOv5JcKA -KGbibQiSMvPC4a3D/zVFMB8GA1UdIwQYMBaAFN7Ro1lkDsGaNqNG7rAQdu+ul5Vm -MDYGCCsGAQUFBwEBBCowKDAmBggrBgEFBQcwAoYaaHR0cDovL3N0Zy14Mi5pLmxl -bmNyLm9yZy8wKwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3N0Zy14Mi5jLmxlbmNy -Lm9yZy8wIgYDVR0gBBswGTAIBgZngQwBAgEwDQYLKwYBBAGC3xMBAQEwCgYIKoZI -zj0EAwMDaAAwZQIwXcZbdgxcGH9rTErfSTkXfBKKygU0yO7OpbuNeY1id0FZ/hRY -N5fdLOGuc+aHfCsMAjEA0P/xwKr6NQ9MN7vrfGAzO397PApdqfM7VdFK18aEu1xm -3HMFKzIR8eEPsMx4smMl ------END CERTIFICATE----- diff --git a/certs-staging/letsencrypt-stg-int-e2.pem b/certs-staging/letsencrypt-stg-int-e2.pem deleted file mode 100644 index 931ff9b..0000000 --- a/certs-staging/letsencrypt-stg-int-e2.pem +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDCjCCApCgAwIBAgIQQuJJzkyQeLKT5OSWP41qRTAKBggqhkjOPQQDAzBoMQsw -CQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3VyaXR5 -IFJlc2VhcmNoIEdyb3VwMSQwIgYDVQQDExsoU1RBR0lORykgQm9ndXMgQnJvY2Nv -bGkgWDIwHhcNMjAwOTA0MDAwMDAwWhcNMjUwOTE1MTYwMDAwWjBVMQswCQYDVQQG -EwJVUzEgMB4GA1UEChMXKFNUQUdJTkcpIExldCdzIEVuY3J5cHQxJDAiBgNVBAMT -GyhTVEFHSU5HKSBFcnNhdHogRWRhbWFtZSBFMjB2MBAGByqGSM49AgEGBSuBBAAi -A2IABEpsxJnmT3EQu6hL6LeYyvVggZd1aOj6QepgX+mdhOYxCgAvb4etuL80y7EP -sUUJh3Y20WhgXsZW21jukrL+PzdKfctcRoOM7CFBBk+09Ubalyys69O99+B6doRx -GYWWp6OCARAwggEMMA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcD -AgYIKwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUbPiNRb5I -GjoDUBH28pJdQ2OphogwHwYDVR0jBBgwFoAU3tGjWWQOwZo2o0busBB2766XlWYw -NgYIKwYBBQUHAQEEKjAoMCYGCCsGAQUFBzAChhpodHRwOi8vc3RnLXgyLmkubGVu -Y3Iub3JnLzArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8vc3RnLXgyLmMubGVuY3Iu -b3JnLzAiBgNVHSAEGzAZMAgGBmeBDAECATANBgsrBgEEAYLfEwEBATAKBggqhkjO -PQQDAwNoADBlAjEAv19ESEwzY8fAt1WkE4Nkm6bJxQEJZwILGNnvPuEmAKlngKov -dm1feBw0q45Fl8MEAjA24IoWYt7txJSbPQpxETJfsjO8aLWxedQpqHWS1x0zEB4L -K5uFc99+L56DIgmqjKM= ------END CERTIFICATE----- diff --git a/certs-staging/letsencrypt-stg-int-r3.pem b/certs-staging/letsencrypt-stg-int-r3.pem deleted file mode 100644 index 0282fc1..0000000 --- a/certs-staging/letsencrypt-stg-int-r3.pem +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWzCCA0OgAwIBAgIQTfQrldHumzpMLrM7jRBd1jANBgkqhkiG9w0BAQsFADBm -MQswCQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3Vy -aXR5IFJlc2VhcmNoIEdyb3VwMSIwIAYDVQQDExkoU1RBR0lORykgUHJldGVuZCBQ -ZWFyIFgxMB4XDTIwMDkwNDAwMDAwMFoXDTI1MDkxNTE2MDAwMFowWTELMAkGA1UE -BhMCVVMxIDAeBgNVBAoTFyhTVEFHSU5HKSBMZXQncyBFbmNyeXB0MSgwJgYDVQQD -Ex8oU1RBR0lORykgQXJ0aWZpY2lhbCBBcHJpY290IFIzMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEAu6TR8+74b46mOE1FUwBrvxzEYLck3iasmKrcQkb+ -gy/z9Jy7QNIAl0B9pVKp4YU76JwxF5DOZZhi7vK7SbCkK6FbHlyU5BiDYIxbbfvO -L/jVGqdsSjNaJQTg3C3XrJja/HA4WCFEMVoT2wDZm8ABC1N+IQe7Q6FEqc8NwmTS -nmmRQm4TQvr06DP+zgFK/MNubxWWDSbSKKTH5im5j2fZfg+j/tM1bGaczFWw8/lS -nukyn5J2L+NJYnclzkXoh9nMFnyPmVbfyDPOc4Y25aTzVoeBKXa/cZ5MM+WddjdL -biWvm19f1sYn1aRaAIrkppv7kkn83vcth8XCG39qC2ZvaQIDAQABo4IBEDCCAQww -DgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAS -BgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBTecnpI3zHDplDfn4Uj31c3S10u -ZTAfBgNVHSMEGDAWgBS182Xy/rAKkh/7PH3zRKCsYyXDFDA2BggrBgEFBQcBAQQq -MCgwJgYIKwYBBQUHMAKGGmh0dHA6Ly9zdGcteDEuaS5sZW5jci5vcmcvMCsGA1Ud -HwQkMCIwIKAeoByGGmh0dHA6Ly9zdGcteDEuYy5sZW5jci5vcmcvMCIGA1UdIAQb -MBkwCAYGZ4EMAQIBMA0GCysGAQQBgt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCN -DLam9yN0EFxxn/3p+ruWO6n/9goCAM5PT6cC6fkjMs4uas6UGXJjr5j7PoTQf3C1 -vuxiIGRJC6qxV7yc6U0X+w0Mj85sHI5DnQVWN5+D1er7mp13JJA0xbAbHa3Rlczn -y2Q82XKui8WHuWra0gb2KLpfboYj1Ghgkhr3gau83pC/WQ8HfkwcvSwhIYqTqxoZ -Uq8HIf3M82qS9aKOZE0CEmSyR1zZqQxJUT7emOUapkUN9poJ9zGc+FgRZvdro0XB -yphWXDaqMYph0DxW/10ig5j4xmmNDjCRmqIKsKoWA52wBTKKXK1na2ty/lW5dhtA -xkz5rVZFd4sgS4J0O+zm6d5GRkWsNJ4knotGXl8vtS3X40KXeb3A5+/3p0qaD215 -Xq8oSNORfB2oI1kQuyEAJ5xvPTdfwRlyRG3lFYodrRg6poUBD/8fNTXMtzydpRgy -zUQZh/18F6B/iW6cbiRN9r2Hkh05Om+q0/6w0DdZe+8YrNpfhSObr/1eVZbKGMIY -qKmyZbBNu5ysENIK5MPc14mUeKmFjpN840VR5zunoU52lqpLDua/qIM8idk86xGW -xx2ml43DO/Ya/tVZVok0mO0TUjzJIfPqyvr455IsIut4RlCR9Iq0EDTve2/ZwCuG -hSjpTUFGSiQrR2JK2Evp+o6AETUkBCO1aw0PpQBPDQ== ------END CERTIFICATE----- diff --git a/certs-staging/letsencrypt-stg-int-r4.pem b/certs-staging/letsencrypt-stg-int-r4.pem deleted file mode 100644 index 7e482dc..0000000 --- a/certs-staging/letsencrypt-stg-int-r4.pem +++ /dev/null @@ -1,31 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFWzCCA0OgAwIBAgIQaCYQ95QBw3BbcmLyhdXHzjANBgkqhkiG9w0BAQsFADBm -MQswCQYDVQQGEwJVUzEzMDEGA1UEChMqKFNUQUdJTkcpIEludGVybmV0IFNlY3Vy -aXR5IFJlc2VhcmNoIEdyb3VwMSIwIAYDVQQDExkoU1RBR0lORykgUHJldGVuZCBQ -ZWFyIFgxMB4XDTIwMDkwNDAwMDAwMFoXDTI1MDkxNTE2MDAwMFowWTELMAkGA1UE -BhMCVVMxIDAeBgNVBAoTFyhTVEFHSU5HKSBMZXQncyBFbmNyeXB0MSgwJgYDVQQD -Ex8oU1RBR0lORykgQXJ0aWZpY2lhbCBBcHJpY290IFI0MIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEA6J8Tmlh6z62axF2+KzRgHHmxf0c5LHGA+wVx9ukJ -nB9zkqdG+gyGfYBnwPlxny0JWBS/1/wu7ry+IhtYOqar1Rg+f+gD0+SqOYmngNW8 -IIw0WTjHhqYB2d2Fxsr9bPIpDwpHRbgE8HkozAKwrWs5xDthZlaMZfEyAKzdx8mC -PttZzKW4ubSptmNMoGHx5t/pBWrNGz5EFuTYcy0DkknMvKedkVJn+jJBxVQ/ef/y -Gep7+1WjpW/UQvwJ5H2sm6UtBRAfos5U2TubN7fiI9OGsRmIp73BP9TsyP0Mi1rZ -kVAfMEU6pI5dJXTNt6hmzuE6frt+NlHaC9yrs9iEG1m6DQIDAQABo4IBEDCCAQww -DgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATAS -BgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSa7sAVo3Q7x+zxBWCmwpOn+U8a -NTAfBgNVHSMEGDAWgBS182Xy/rAKkh/7PH3zRKCsYyXDFDA2BggrBgEFBQcBAQQq -MCgwJgYIKwYBBQUHMAKGGmh0dHA6Ly9zdGcteDEuaS5sZW5jci5vcmcvMCsGA1Ud -HwQkMCIwIKAeoByGGmh0dHA6Ly9zdGcteDEuYy5sZW5jci5vcmcvMCIGA1UdIAQb -MBkwCAYGZ4EMAQIBMA0GCysGAQQBgt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCw -o/xtzOLhliWC6F6XTdgCqt2FrjLQAXRUnCwnwg44oVbD+Gh9qXREpdpRPVrlIS7T -tobw8Z329nsLZ+wiGvm3wkC3Ka3RWbThLE/MuwVMysaTi5jXLJcQLvHRlW00jHgM -/V8vtJPr5s443KuOX1TFUV5Z/0ZilrBY3sAbgVk2n/fgyonX/JCdiGXt3HODpBh3 -eJH1kKM/EIrVVZwxHCwG1x/LuKpcUpbelF+NDI11neL+AzhU6wmBhgplg4OxzYWD -Xg0LCi6W0/t73HnG8SaRiCAcPyJOGBZtLQLUgfVKSd6DtRMhVcTzM6EjFiJYZuv4 -JHj65p1yFh8+kgJL/kyIWp2+mHgj/QCDaQEJccmWl+dpXm0jyyNBbjKG7oOlCzvH -HEBmrYSlzWI4XcK5C2+1SmSQqXv7vPo8jEVXSftg4Z6mEA8e2S6dt/rvreiQ+fDm -gixNiQRd7lkUqPv1EZhiGMYxhW52taj9A3xlcnD9/tfD7BKFe38ilVblYTU423WY -zAslpz6oDEiftKCZ2VmaUzEsS6Hma/r/SkF5oorVlaz7hE1qcu9HLkRohXPJtw3k -XJcK1hT3rITPasaSTREfwKBQS+y6guxv+IpkZftMEiOUix2cRoICJesxsYDE5tei -Pwrakf/zlLfF4WDZVqrYKsddVqddAoa64LfXxS/B4Q== ------END CERTIFICATE----- diff --git a/certs/lets-encrypt-e1.pem b/certs/lets-encrypt-e1.pem deleted file mode 100644 index 2a19d41..0000000 --- a/certs/lets-encrypt-e1.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICxjCCAk2gAwIBAgIRALO93/inhFu86QOgQTWzSkUwCgYIKoZIzj0EAwMwTzEL -MAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNo -IEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDIwHhcNMjAwOTA0MDAwMDAwWhcN -MjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3MgRW5j -cnlwdDELMAkGA1UEAxMCRTEwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQkXC2iKv0c -S6Zdl3MnMayyoGli72XoprDwrEuf/xwLcA/TmC9N/A8AmzfwdAVXMpcuBe8qQyWj -+240JxP2T35p0wKZXuskR5LBJJvmsSGPwSSB/GjMH2m6WPUZIvd0xhajggEIMIIB -BDAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMB -MBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFFrz7Sv8NsI3eblSMOpUb89V -yy6sMB8GA1UdIwQYMBaAFHxClq7eS0g7+pL4nozPbYupcjeVMDIGCCsGAQUFBwEB -BCYwJDAiBggrBgEFBQcwAoYWaHR0cDovL3gyLmkubGVuY3Iub3JnLzAnBgNVHR8E -IDAeMBygGqAYhhZodHRwOi8veDIuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYG -Z4EMAQIBMA0GCysGAQQBgt8TAQEBMAoGCCqGSM49BAMDA2cAMGQCMHt01VITjWH+ -Dbo/AwCd89eYhNlXLr3pD5xcSAQh8suzYHKOl9YST8pE9kLJ03uGqQIwWrGxtO3q -YJkgsTgDyj2gJrjubi1K9sZmHzOa25JK1fUpE8ZwYii6I4zPPS/Lgul/ ------END CERTIFICATE----- diff --git a/certs/lets-encrypt-e2.pem b/certs/lets-encrypt-e2.pem deleted file mode 100644 index 0fd9f40..0000000 --- a/certs/lets-encrypt-e2.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICxjCCAkygAwIBAgIQTtI99q9+x/mwxHJv+VEqdzAKBggqhkjOPQQDAzBPMQsw -CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg -R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw0y -NTA5MTUxNjAwMDBaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNy -eXB0MQswCQYDVQQDEwJFMjB2MBAGByqGSM49AgEGBSuBBAAiA2IABCOaLO3lixmN -YVWex+ZVYOiTLgi0SgNWtU4hufk50VU4Zp/LbBVDxCsnsI7vuf4xp4Cu+ETNggGE -yBqJ3j8iUwe5Yt/qfSrRf1/D5R58duaJ+IvLRXeASRqEL+VkDXrW3qOCAQgwggEE -MA4GA1UdDwEB/wQEAwIBhjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEw -EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUbZkq9U0C6+MRwWC6km+NPS7x -6kQwHwYDVR0jBBgwFoAUfEKWrt5LSDv6kviejM9ti6lyN5UwMgYIKwYBBQUHAQEE -JjAkMCIGCCsGAQUFBzAChhZodHRwOi8veDIuaS5sZW5jci5vcmcvMCcGA1UdHwQg -MB4wHKAaoBiGFmh0dHA6Ly94Mi5jLmxlbmNyLm9yZy8wIgYDVR0gBBswGTAIBgZn -gQwBAgEwDQYLKwYBBAGC3xMBAQEwCgYIKoZIzj0EAwMDaAAwZQIxAPJCN9qpyDmZ -tX8K3m8UYQvK51BrXclM6WfrdeZlUBKyhTXUmFAtJw4X6A0x9mQFPAIwJa/No+KQ -UAM1u34E36neL/Zba7ombkIOchSgx1iVxzqtFWGddgoG+tppRPWhuhhn ------END CERTIFICATE----- diff --git a/certs/lets-encrypt-r3-cross-signed.pem b/certs/lets-encrypt-r3-cross-signed.pem deleted file mode 100644 index 1d82449..0000000 --- a/certs/lets-encrypt-r3-cross-signed.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow -MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT -AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs -jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp -Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB -U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7 -gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel -/xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R -oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E -BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p -ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE -p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE -AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu -Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0 -LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf -r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B -AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH -ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8 -S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL -qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p -O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw -UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg== ------END CERTIFICATE----- diff --git a/certs/lets-encrypt-r3.pem b/certs/lets-encrypt-r3.pem deleted file mode 100644 index 43b222a..0000000 --- a/certs/lets-encrypt-r3.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw -WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg -RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP -R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx -sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm -NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg -Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG -/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC -AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB -Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA -FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw -AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw -Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB -gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W -PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl -ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz -CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm -lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 -avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 -yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O -yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids -hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ -HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv -MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX -nLRbwHOoq7hHwg== ------END CERTIFICATE----- diff --git a/certs/lets-encrypt-r4-cross-signed.pem b/certs/lets-encrypt-r4-cross-signed.pem deleted file mode 100644 index f0ed3cd..0000000 --- a/certs/lets-encrypt-r4-cross-signed.pem +++ /dev/null @@ -1,26 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEZTCCA02gAwIBAgIQQAF1BIMlO+Rkt3exI9CKgjANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0NVoXDTIxMDkyOTE5MjE0NVow -MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT -AlI0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyjcdynT55G+87cK -AMf78lULJSJjUzav6Qgg3w2vKD7NxqtXtp2kJRml0jJtSaYIuccvoZuTxSBAa4Qx -IKKOMGAlYO/ZGok/H2lxstrqP3NBxJBvZv19nljYd8/NWXVEyaEKe58/Gw46Zm+2 -dc+Ly6+dwHDF/9KCCq9dzeLonIWUpOYANeh+TjmBxyGJYHfqHZbyi4N7R8RtMsBS -fiMeRbVx7qPvF8IDqZOJ3fWf27rx2uB+l4dxgR4aglbkPnwYogjlFl+o+qjgSFFN -GBSgDKPltsqztVUSa3LHWn87jPnn2dGOEk0zMwMq8RPhQjzCLllgLm3gB0czZd/S -Z8pNhQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E -BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p -ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE -p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE -AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu -Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0 -LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFDadPuCxQPYnLHy/jZ0x -ivZUpkYmMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B -AQsFAAOCAQEAN4CpgPmK2C5pq/RdV9gEdWcvPnPfT9ToucrAMTcn//wyWBWF2wG4 -hvPBQxxuqPECZsi4nLQ45VJpyC1NDd0GqGQIMqNdC4N4TLDtd7Yhy8v5JsfEMUbb -6xW4sKeeeKy3afOkel60Xg1/7ndSmppiHqdh+TdJML1hptRgdxGiB8LMpHuW/oM8 -akfyt4TkBhA8+Wu8MM6dlJyJ7nHBVnEUFQ4Ni+GzNC/pQSL2+Y9Mq4HHIk2ZFy0W -B8KsVwdeNrERPL+LjhhLde1Et0aL9nlv4CqwXHML2LPgk38j/WllbQ/8HRd2VpB+ -JW6Z8JNhcnuBwATHMCeJVCFapoZsPfQQ6Q== ------END CERTIFICATE----- diff --git a/certs/lets-encrypt-r4.pem b/certs/lets-encrypt-r4.pem deleted file mode 100644 index 578b3bd..0000000 --- a/certs/lets-encrypt-r4.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFFjCCAv6gAwIBAgIRAIp5IlCr5SxSbO7Pf8lC3WIwDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw -WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg -RW5jcnlwdDELMAkGA1UEAxMCUjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQCzKNx3KdPnkb7ztwoAx/vyVQslImNTNq/pCCDfDa8oPs3Gq1e2naQlGaXS -Mm1Jpgi5xy+hm5PFIEBrhDEgoo4wYCVg79kaiT8faXGy2uo/c0HEkG9m/X2eWNh3 -z81ZdUTJoQp7nz8bDjpmb7Z1z4vLr53AcMX/0oIKr13N4uichZSk5gA16H5OOYHH -IYlgd+odlvKLg3tHxG0ywFJ+Ix5FtXHuo+8XwgOpk4nd9Z/buvHa4H6Xh3GBHhqC -VuQ+fBiiCOUWX6j6qOBIUU0YFKAMo+W2yrO1VRJrcsdafzuM+efZ0Y4STTMzAyrx -E+FCPMIuWWAubeAHRzNl39Jnyk2FAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC -AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB -Af8CAQAwHQYDVR0OBBYEFDadPuCxQPYnLHy/jZ0xivZUpkYmMB8GA1UdIwQYMBaA -FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw -AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw -Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB -gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCJbu5CalWO+H+Az0lmIG14DXmlYHQE -k26umjuCyioWs2icOlZznPTcZvbfq02YPHGTCu3ctggVDULJ+fwOxKekzIqeyLNk -p8dyFwSAr23DYBIVeXDpxHhShvv0MLJzqqDFBTHYe1X5X2Y7oogy+UDJxV2N24/g -Z8lxG4Vr2/VEfUOrw4Tosl5Z+1uzOdvTyBcxD/E5rGgTLczmulctHy3IMTmdTFr0 -FnU0/HMQoquWQuODhFqzMqNcsdbjANUBwOEQrKI8Sy6+b84kHP7PtO+S4Ik8R2k7 -ZeMlE1JmxBi/PZU860YlwT8/qOYToCHVyDjhv8qutbf2QnUl3SV86th2I1QQE14s -0y7CdAHcHkw3sAEeYGkwCA74MO+VFtnYbf9B2JBOhyyWb5087rGzitu5MTAW41X9 -DwTeXEg+a24tAeht+Y1MionHUwa4j7FB/trN3Fnb/r90+4P66ZETVIEcjseUSMHO -w6yqv10/H/dw/8r2EDUincBBX3o9DL3SadqragkKy96HtMiLcqMMGAPm0gti1b6f -bnvOdr0mrIVIKX5nzOeGZORaYLoSD4C8qvFT7U+Um6DMo36cVDNsPmkF575/s3C2 -CxGiCPQqVxPgfNSh+2CPd2Xv04lNeuw6gG89DlOhHuoFKRlmPnom+gwqhz3ZXMfz -TfmvjrBokzCICA== ------END CERTIFICATE----- diff --git a/certs/lets-encrypt-x1-cross-signed.pem b/certs/lets-encrypt-x1-cross-signed.pem deleted file mode 100644 index 8a92a0b..0000000 --- a/certs/lets-encrypt-x1-cross-signed.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAw -PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD -Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZa -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3uEtB -BaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelg -PEjMfspNdxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyG -dGfIf6WauFJhFBM/ZemCh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1 -gGusSvMbkEl4L6KWTyogJSkExnTA0DHNjzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb4 -4/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEAAaOCAZIwggGOMBIGA1Ud -EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy -BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j -b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv -ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ -MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH -AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw -MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM -LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3 -pkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hd -v0J20/FyWo5ppnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4Dd -ITv8S9ZYQ7oaoqs7HwhEMY9sibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoW -ZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI5xxEI4LutHp6s3OT2FuO90WfdsIk -6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYahqKaLn73PAAm1X2kj -f1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk= ------END CERTIFICATE----- diff --git a/certs/lets-encrypt-x2-cross-signed.pem b/certs/lets-encrypt-x2-cross-signed.pem deleted file mode 100644 index c152625..0000000 --- a/certs/lets-encrypt-x2-cross-signed.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEqDCCA5CgAwIBAgIRAMODTJjAvWslLKN5tm+lKw4wDQYJKoZIhvcNAQELBQAw -PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD -Ew5EU1QgUm9vdCBDQSBYMzAeFw0xNTEwMTkyMjM1MDFaFw0yMDEwMTkyMjM1MDFa -MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD -ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMjCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAOEkdEJ7t5Ex2XP/OKrYzkRctzkK3ESuDb1FuZc3Z6+9UE9f -0xBUa/dB2o5j5m1bwOhAqYxB/NEDif9iYQlg1gcFeJqQvRpkPk/cz3cviWvLZ69B -TcWNAMBr/o2E3LXylTGo6PaQoENKk3Rcsz5DaUuJIkd0UT6ZZMPNJAH5hC8odxci -p93DbAhMZi83dMVvk46wRjcWYdFQmMiwD09YU3ys9totlmFQrUPcCqZPnrVSuZyO -707fRrMx3CD8acKjIHU+7DgbNk5mZtLf9Wakky97pg6UPmA9Skscb7q0TRw8kVhu -L03E2nDb7QE5dsBJ5+k1tRQGkMHlkuIQ/Wu5tIUCAwEAAaOCAZIwggGOMBIGA1Ud -EwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEBBHMwcTAy -BggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5j -b20wOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMv -ZHN0cm9vdGNheDMucDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQ -MFQGA1UdIARNMEswCAYGZ4EMAQIBMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUH -AgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcwPAYDVR0fBDUw -MzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJPT1RDQVgzQ1JM -LmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUxbGrTkyxzWQwk37B -hJkFq+YD4iUwDQYJKoZIhvcNAQELBQADggEBAAcSAhaE7rvHxyUnhgkEpMR56o2I -IH+mlw5kknjhAuvaBIAM59MZkFbFg5CrNWt8K+G3UoxJgFwv7HvJJxqwgPpNgXC/ -uT3prkvwt+2lvzKJKbqdH+lo40P8EuSyyJOz2hjrRzNMHbJHYDS9OhF5WC5LOQQa -ydgLZ/JHxXgJypEZqcmVgQ+yYBs0XPwXjE7OE8vbx5REwu7gToMIqAoWRoWW2MxS -g28RGPVnHzHk2XV1nZGy9T+NYQ91vWWJr1pzNEFZ0cnA2xGwTeJ+zZ3URCfw3Z1U -+YAL3YUmrvdoRBlASOTmNJmXSo9qvMYPa3DEomAPoFQFZqsSN6kuqDEIqMA= ------END CERTIFICATE----- diff --git a/certs/lets-encrypt-x3-cross-signed.pem b/certs/lets-encrypt-x3-cross-signed.pem deleted file mode 100644 index 0002462..0000000 --- a/certs/lets-encrypt-x3-cross-signed.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF -q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8 -SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0 -Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA -a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj -/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF -AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo -uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/ -wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu -X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG -PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 -KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== ------END CERTIFICATE----- diff --git a/certs/lets-encrypt-x4-cross-signed.pem b/certs/lets-encrypt-x4-cross-signed.pem deleted file mode 100644 index c0b4eb6..0000000 --- a/certs/lets-encrypt-x4-cross-signed.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc6bLEeMfizANBgkqhkiG9w0BAQsFADA/ -MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT -DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDEwMloXDTIxMDMxNzE2NDEwMlow -SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT -GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFg0MIIBIjANBgkqhkiG9w0BAQEFAAOC -AQ8AMIIBCgKCAQEA4SR0Qnu3kTHZc/84qtjORFy3OQrcRK4NvUW5lzdnr71QT1/T -EFRr90HajmPmbVvA6ECpjEH80QOJ/2JhCWDWBwV4mpC9GmQ+T9zPdy+Ja8tnr0FN -xY0AwGv+jYTctfKVMajo9pCgQ0qTdFyzPkNpS4kiR3RRPplkw80kAfmELyh3FyKn -3cNsCExmLzd0xW+TjrBGNxZh0VCYyLAPT1hTfKz22i2WYVCtQ9wKpk+etVK5nI7v -Tt9GszHcIPxpwqMgdT7sOBs2TmZm0t/1ZqSTL3umDpQ+YD1KSxxvurRNHDyRWG4v -TcTacNvtATl2wEnn6TW1FAaQweWS4hD9a7m0hQIDAQABo4IBfTCCAXkwEgYDVR0T -AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG -CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv -bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k -c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw -VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC -ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz -MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu -Y3JsMB0GA1UdDgQWBBTFsatOTLHNZDCTfsGEmQWr5gPiJTANBgkqhkiG9w0BAQsF -AAOCAQEANlaeSdstfAtqFN3jdRZJFjx9X+Ob3PIDlekPYQ1OQ1Uw43rE1FUj7hUw -g2MJKfs9b7M0WoQg7C20nJY/ajsg7pWhUG3J6rlkDTfVY9faeWi0qsPYXE6BpBDr -5BrW/Xv8yT8U2BiEAmNggWq8dmFl82fghmLzHBM8X8NZ3ZwA1fGePA53AP5IoD+0 -ArpW8Ik1sSuQBjZ8oQLfN+G8OoY7MNRopyLyQQCNy4aWfE+xYnoVoa5+yr+aPiX0 -7YQrY/cKawAn7QB4PyF5//IKSAVs7mAuB68wbMdE3FKfOHfJ24W4z/bIJTrTY8Y5 -Sr4AUhtzf8oVDrHZYWRrP4joIcOu/Q== ------END CERTIFICATE----- diff --git a/certs/letsencryptauthorityx1.pem b/certs/letsencryptauthorityx1.pem deleted file mode 100644 index 0a9a3ce..0000000 --- a/certs/letsencryptauthorityx1.pem +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFjTCCA3WgAwIBAgIRAOeTkL6SBwNJGF95dYHlyoMwDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTIwMDIw -WhcNMjAwNjA0MTIwMDIwWjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg -RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDEwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrX -NSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf -89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHl -Npi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7Dc -Gu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgz -uEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMB -AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU -BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB -FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSo -SmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js -LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF -BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG -AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD -VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB -AGvM/XGv8yafGRGMPP6hnggoI9DGWGf4l0mzjBhuCkDVqoG/7rsH1ytzteePxiA3 -7kqSBo0fXu5GmbWOw09GpwPYyAAY0iWOMU6ybrTJHS466Urzoe/4IwLQoQc219EK -lh+4Ugu1q4KxNY1qMDA/1YX2Qm9M6AcAs1UvZKHSpJQAbsYrbN6obNoUGOeG6ONH -Yr8KRQz5FMfZYcA49fmdDTwKn/pyLOkJFeA/dm/oP99UmKCFoeOa5w9YJr2Vi7ic -Xd59CU8mprWhxFXnma1oU3T8ZNovjib3UHocjlEJfNbDy9zgKTYURcMVweo1dkbH -NbLc5mIjIk/kJ+RPD+chR+gJjy3Gh9xMNkDrZQKfsIO93hxTsZMmgZQ4c+vujC1M -jSak+Ai87YZeYQPh1fCGMSTno5III37DUCtIn8BJxJixuPeOMKsjLLD5AtMVy0fp -d19lcUek4bjDY8/Ujb5/wfn2+Kk7z72SxWdekjtHOWBmKxqq8jDuuMw4ymg1g5n7 -R7TZ/Y3y4bTpWUDkBHFo03xNM21wBFDIrCZZeVhvDW4MtT6+Ass2bcpoHwYcGol2 -gaLDa5k2dkG41OGtXa0fY+TjdryY4cOcstJUKjv2MJku4yaTtjjECX1rJvFLnqYe -wC+FmxjgWPuyRNuLDAWK30mmpcJZ3CmD6dFtAi4h7H37 ------END CERTIFICATE----- diff --git a/certs/letsencryptauthorityx2.pem b/certs/letsencryptauthorityx2.pem deleted file mode 100644 index 3a8e77c..0000000 --- a/certs/letsencryptauthorityx2.pem +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFjTCCA3WgAwIBAgIRAJY2TKc4C+SL3JDGzeC33mgwDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTIwMDMx -WhcNMjAwNjA0MTIwMDMxWjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg -RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDIwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhJHRCe7eRMdlz/ziq2M5EXLc5 -CtxErg29RbmXN2evvVBPX9MQVGv3QdqOY+ZtW8DoQKmMQfzRA4n/YmEJYNYHBXia -kL0aZD5P3M93L4lry2evQU3FjQDAa/6NhNy18pUxqOj2kKBDSpN0XLM+Q2lLiSJH -dFE+mWTDzSQB+YQvKHcXIqfdw2wITGYvN3TFb5OOsEY3FmHRUJjIsA9PWFN8rPba -LZZhUK1D3AqmT561Urmcju9O30azMdwg/GnCoyB1Puw4GzZOZmbS3/VmpJMve6YO -lD5gPUpLHG+6tE0cPJFYbi9NxNpw2+0BOXbASefpNbUUBpDB5ZLiEP1rubSFAgMB -AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU -BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB -FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBTF -satOTLHNZDCTfsGEmQWr5gPiJTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js -LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF -BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG -AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD -VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB -AA4eqMjSEJKCF6XRR5pEutkS/e7xgy2vCYYbw1ospQiGQ4FO5TtbvO+5K4v7WR3b -1peMQ03rX0Dr+ylmGNypZahNxTqDiO0X2sHBwJWj/k61+MYq3bRYxKwI6cduTDXb -YQxilGTDNGZUIFKKIloz4zGAl68sj+8pLg534EqKgl8+rWSxclToS1KrydJezokE -dQRXfxu79iscWA3PIj1vbaUBB16lnWJxA3LhTGhUrhZrCnFuOZ93KO8kCKPM7EVo -7c4FCYKI8eWDsf0FF49A4xMUmxPJAPIyZkwQ8KkjpzcTHOmT4CEXUhNu9eMI9qBK -VSFDDMifJ8HzCaVLyMvY1Kf7iR+840EkX1EGC+Z39EaK1hjm314LYpLoYGvYYLJO -/J76XAx8ZgpofqHz1gAEfiMLMLxLQkOjKLXqoUEd5KdnzaO3aLH91gnasy8aD4D5 -9RfEO2xcaozD2rbYsoAMVzcZZHw0Smdmobaz2YazMBjFRcqGntg6s5Xqwusaleiy -snjMCC/9mvIPqGyuVnBPTBaUDFDEhX6qD2MX4dzODL91Z0ogYDWcFLN+uLnZKHje -4JoNuzkJ2FXWOREcsW93KXb+3T8COjhTDKvK4H6ufdrZxxusx60ajJAMBzW0XTf5 -nm2yGEDtyVoMgJLp0rkiPlormgHxSkFDOJbY94J7yxRK ------END CERTIFICATE----- diff --git a/certs/letsencryptauthorityx3.pem b/certs/letsencryptauthorityx3.pem deleted file mode 100644 index 4e82cb5..0000000 --- a/certs/letsencryptauthorityx3.pem +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFjTCCA3WgAwIBAgIRANOxciY0IzLc9AUoUSrsnGowDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0MzU1 -WhcNMjExMDA2MTU0MzU1WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg -RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDMwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCc0wzwWuUuR7dyXTeDs2hjMOrX -NSYZJeG9vjXxcJIvt7hLQQWrqZ41CFjssSrEaIcLo+N15Obzp2JxunmBYB/XkZqf -89B4Z3HIaQ6Vkc/+5pnpYDxIzH7KTXcSJJ1HG1rrueweNwAcnKx7pwXqzkrrvUHl -Npi5y/1tPJZo3yMqQpAMhnRnyH+lmrhSYRQTP2XpgofL2/oOVvaGifOFP5eGr7Dc -Gu9rDZUWfcQroGWymQQ2dYBrrErzG5BJeC+ilk8qICUpBMZ0wNAxzY8xOJUWuqgz -uEPxsR/DMH+ieTETPS02+OP88jNquTkxxa/EjQ0dZBYzqvqEKbbUC8DYfcOTAgMB -AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU -BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB -FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBSo -SmpjBH3duubRObemRWXv86jsoTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js -LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF -BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG -AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD -VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB -ABnPdSA0LTqmRf/Q1eaM2jLonG4bQdEnqOJQ8nCqxOeTRrToEKtwT++36gTSlBGx -A/5dut82jJQ2jxN8RI8L9QFXrWi4xXnA2EqA10yjHiR6H9cj6MFiOnb5In1eWsRM -UM2v3e9tNsCAgBukPHAg1lQh07rvFKm/Bz9BCjaxorALINUfZ9DD64j2igLIxle2 -DPxW8dI/F2loHMjXZjqG8RkqZUdoxtID5+90FgsGIfkMpqgRS05f4zPbCEHqCXl1 -eO5HyELTgcVlLXXQDgAWnRzut1hFJeczY1tjQQno6f6s+nMydLN26WuU4s3UYvOu -OsUxRlJu7TSRHqDC3lSE5XggVkzdaPkuKGQbGpny+01/47hfXXNB7HntWNZ6N2Vw -p7G6OfY+YQrZwIaQmhrIqJZuigsrbe3W+gdn5ykE9+Ky0VgVUsfxo52mwFYs1JKY -2PGDuWx8M6DlS6qQkvHaRUo0FMd8TsSlbF0/v965qGFKhSDeQoMpYnwcmQilRh/0 -ayLThlHLN81gSkJjVrPI0Y8xCVPB4twb1PFUd2fPM3sA1tJ83sZ5v8vgFv2yofKR -PB0t6JzUA81mSqM3kxl5e+IZwhYAyO0OTg3/fs8HqGTNKd9BqoUwSRBzp06JMg5b -rUCGwbCUDI0mxadJ3Bz4WxR6fyNpBK2yAinWEsikxqEt ------END CERTIFICATE----- diff --git a/certs/letsencryptauthorityx4.pem b/certs/letsencryptauthorityx4.pem deleted file mode 100644 index 34064da..0000000 --- a/certs/letsencryptauthorityx4.pem +++ /dev/null @@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFjTCCA3WgAwIBAgIRAJObmZ6kjhYNW0JZtD0gE9owDQYJKoZIhvcNAQELBQAw -TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh -cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTYxMDA2MTU0NDM0 -WhcNMjExMDA2MTU0NDM0WjBKMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg -RW5jcnlwdDEjMCEGA1UEAxMaTGV0J3MgRW5jcnlwdCBBdXRob3JpdHkgWDQwggEi -MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDhJHRCe7eRMdlz/ziq2M5EXLc5 -CtxErg29RbmXN2evvVBPX9MQVGv3QdqOY+ZtW8DoQKmMQfzRA4n/YmEJYNYHBXia -kL0aZD5P3M93L4lry2evQU3FjQDAa/6NhNy18pUxqOj2kKBDSpN0XLM+Q2lLiSJH -dFE+mWTDzSQB+YQvKHcXIqfdw2wITGYvN3TFb5OOsEY3FmHRUJjIsA9PWFN8rPba -LZZhUK1D3AqmT561Urmcju9O30azMdwg/GnCoyB1Puw4GzZOZmbS3/VmpJMve6YO -lD5gPUpLHG+6tE0cPJFYbi9NxNpw2+0BOXbASefpNbUUBpDB5ZLiEP1rubSFAgMB -AAGjggFnMIIBYzAOBgNVHQ8BAf8EBAMCAYYwEgYDVR0TAQH/BAgwBgEB/wIBADBU -BgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEBATAwMC4GCCsGAQUFBwIB -FiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQub3JnMB0GA1UdDgQWBBTF -satOTLHNZDCTfsGEmQWr5gPiJTAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8vY3Js -LnJvb3QteDEubGV0c2VuY3J5cHQub3JnMHIGCCsGAQUFBwEBBGYwZDAwBggrBgEF -BQcwAYYkaHR0cDovL29jc3Aucm9vdC14MS5sZXRzZW5jcnlwdC5vcmcvMDAGCCsG -AQUFBzAChiRodHRwOi8vY2VydC5yb290LXgxLmxldHNlbmNyeXB0Lm9yZy8wHwYD -VR0jBBgwFoAUebRZ5nu25eQBc4AIiMgaWPbpm24wDQYJKoZIhvcNAQELBQADggIB -AF4tI1yGjZgld9lP01+zftU3aSV0un0d2GKUMO7GxvwTLWAKQz/eT+u3J4+GvpD+ -BMfopIxkJcDCzMChjjZtZZwJpIY7BatVrO6OkEmaRNITtbZ/hCwNkUnbk3C7EG3O -GJZlo9b2wzA8v9WBsPzHpTvLfOr+dS57LLPZBhp3ArHaLbdk33lIONRPt9sseDEk -mdHnVmGmBRf4+J0Wy67mddOvz5rHH8uzY94raOayf20gzzcmqmot4hPXtDG4Y49M -oFMMT2kcWck3EOTAH6QiGWkGJ7cxMfSL3S0niA6wgFJtfETETOZu8AVDgENgCJ3D -S0bz/dhVKvs3WRkaKuuR/W0nnC2VDdaFj4+CRF8LGtn/8ERaH48TktH5BDyDVcF9 -zfJ75Scxcy23jAL2N6w3n/t3nnqoXt9Im4FprDr+mP1g2Z6Lf2YA0jE3kZalgZ6l -NHu4CmvJYoOTSJw9X2qlGl1K+B4U327rG1tRxgjM76pN6lIS02PMECoyKJigpOSB -u4V8+LVaUMezCJH9Qf4EKeZTHddQ1t96zvNd2s9ewSKx/DblXbKsBDzIdHJ+qi6+ -F9DIVM5/ICdtDdulOO+dr/BXB+pBZ3uVxjRANvJKKpdxkePyluITSNZHbanWRN07 -gMvwBWOL060i4VrL9er1sBQrRjU9iNpZQGTnLVAxQVFu ------END CERTIFICATE----- -- cgit v1.2.3 From 98e4397f5330245cb7f8a21054ab078c4d0bba82 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 13 Jun 2024 15:54:11 +0200 Subject: Fix test suite. Since we don't pin staging intermediate certificates anymore we drop the test where the CA bundle contains only intermediates. --- tests/cert-verify | 22 +++++----------------- tests/old-lacme | 9 +++++---- 2 files changed, 10 insertions(+), 21 deletions(-) diff --git a/tests/cert-verify b/tests/cert-verify index 4d254c6..a6cd336 100644 --- a/tests/cert-verify +++ b/tests/cert-verify @@ -8,31 +8,19 @@ for ca in /usr/share/lacme/letsencrypt-stg-root-*.pem; do done update-ca-certificates -# test (modified) trust store for intermediate certificates -openssl verify -no-CAfile -CApath /etc/ssl/certs -show_chain /usr/share/lacme/letsencrypt-stg-int-*.pem -openssl verify -no-CApath -CAfile /etc/ssl/certs/ca-certificates.crt -show_chain /usr/share/lacme/letsencrypt-stg-int-*.pem +# test (modified) trust store +openssl verify -no-CAfile -CApath /etc/ssl/certs -show_chain /usr/share/lacme/letsencrypt-stg-root-x1.pem +openssl verify -no-CApath -CAfile /etc/ssl/certs/ca-certificates.crt -show_chain /usr/share/lacme/letsencrypt-stg-root-x1.pem mv /usr/share/lacme/ca-certificates.crt /usr/share/lacme/ca-certificates.crt.back ! lacme newOrder 2>"$STDERR" || fail -grepstderr -Fxq "Could not open file or uri for loading certs of trusted certificates from /usr/share/lacme/ca-certificates.crt" +grepstderr -Fq "Could not open file or uri for loading trusted certificates from /usr/share/lacme/ca-certificates.crt:" grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!" # verification error for unrelated CA bundle cat /etc/ssl/certs/ssl-cert-snakeoil.pem >/usr/share/lacme/ca-certificates.crt ! lacme newOrder 2>"$STDERR" || fail -grepstderr -Fxq "error 20 at 0 depth lookup: unable to get local issuer certificate" -grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!" - -# verification error when the CA bundle contains only the root certificates -cat /usr/share/lacme/letsencrypt-stg-root-*.pem >/usr/share/lacme/ca-certificates.crt -! lacme newOrder 2>"$STDERR" || fail -grepstderr -Fxq "error 20 at 0 depth lookup: unable to get local issuer certificate" -grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!" - -# verification error when the CA bundle contains only the intermediate certificates -cat /usr/share/lacme/letsencrypt-stg-int-*.pem >/usr/share/lacme/ca-certificates.crt -! lacme newOrder 2>"$STDERR" || fail -grepstderr -Fxq "error 2 at 1 depth lookup: unable to get issuer certificate" +grepstderr -Fxq "error 20 at 1 depth lookup: unable to get local issuer certificate" grepstderr -Fxq "[simpletest-rsa] Error: Received invalid X.509 certificate from ACME server!" # use saved bundle as custom CAfile diff --git a/tests/old-lacme b/tests/old-lacme index b1c9f88..278a705 100644 --- a/tests/old-lacme +++ b/tests/old-lacme @@ -1,5 +1,6 @@ -# IPC test between recent lacme-accountd(1) and ancient lacme(8) 0.5 from Debian buster -# (we don't try earlier versions as we need v2 support of the ACME API) +# IPC test between recent lacme-accountd(1) and ancient lacme(8) 0.8 from Debian Bullseye +# (we don't try earlier versions as we need v2 support of the ACME API +# and non-pinned intermediates) adduser --disabled-password \ --home /home/lacme-account \ @@ -14,12 +15,12 @@ cat >~lacme-account/.config/lacme/lacme-accountd.conf <<-EOF privkey = file:/etc/lacme/account.key EOF -echo "deb http://deb.debian.org/debian buster main" >>/etc/apt/sources.list +echo "deb http://deb.debian.org/debian bullseye main" >>/etc/apt/sources.list DEBIAN_FRONTEND="noninteractive" apt update DEBIAN_FRONTEND="noninteractive" apt install -y --no-install-recommends \ --reinstall --allow-downgrades \ -oDPkg::Options::="--force-confdef" -oDPkg::Options::="--force-overwrite" \ - lacme/buster + lacme/bullseye # restore staging environment mv -f /usr/share/lacme/ca-certificates.crt.back /usr/share/lacme/ca-certificates.crt -- cgit v1.2.3 From ce6a95d172dbefd0e310c46e0a0d9c56d19e34ca Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Thu, 13 Jun 2024 17:39:34 +0200 Subject: Prepare new release v0.8.3. --- Changelog | 14 ++++++++++++++ client | 2 +- lacme | 2 +- lacme-accountd | 2 +- 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/Changelog b/Changelog index 2863d18..5c91365 100644 --- a/Changelog +++ b/Changelog @@ -1,3 +1,17 @@ +lacme (0.8.3) upstream; + + + Fix post-issuance validation logic. We avoid pining the + intermediate certificates in the bundle and instead validate the + leaf certificate with intermediates supplied during issuance as + untrusted (used for chain building only). Only the root + certificates are used as trust anchor. Not pining intermediate + certificates is in line with Let's Encrypt's latest recommendations. + + Pass `-in /dev/stdin` option to openssl(1) to avoid warning with + OpenSSL 3.2 or later. + + Fix test suite. + + -- Guilhem Moulin Thu, 13 Jun 2024 17:39:34 +0200 + lacme (0.8.2) upstream; + client: Handle "ready" → "processing" → "valid" status change during diff --git a/client b/client index d993518..2a5ee3c 100755 --- a/client +++ b/client @@ -43,7 +43,7 @@ use warnings; # instance own by another user and created with umask 0177) is not a # problem since SOCKET_FD can be bound as root prior to the execve(2). -our $VERSION = '0.8.2'; +our $VERSION = '0.8.3'; my $PROTOCOL_VERSION = 1; my $NAME = 'lacme-client'; diff --git a/lacme b/lacme index b167f9b..37d3a51 100755 --- a/lacme +++ b/lacme @@ -22,7 +22,7 @@ use v5.14.2; use strict; use warnings; -our $VERSION = '0.8.2'; +our $VERSION = '0.8.3'; my $NAME = 'lacme'; use Errno 'EINTR'; diff --git a/lacme-accountd b/lacme-accountd index 8d2c599..5bc8b5f 100755 --- a/lacme-accountd +++ b/lacme-accountd @@ -23,7 +23,7 @@ use v5.14.2; use strict; use warnings; -our $VERSION = '0.8.2'; +our $VERSION = '0.8.3'; my $PROTOCOL_VERSION = 1; my $NAME = 'lacme-accountd'; -- cgit v1.2.3