move mta-sts.mail.grapheneos.org to mail server

2024-09-28 19:45:41 +00:00 · 2023-06-21 13:48:41 -04:00 · 2023-06-21 13:48:41 -04:00 · 3034c845c9
commit 3034c845c9
parent a07fa271e3
3 changed files with 7 additions and 2 deletions
--- a/certbot/0.grapheneos.org
+++ b/certbot/0.grapheneos.org
@ -5,7 +5,6 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
    -d grapheneos.org \
    -d www.grapheneos.org \
    -d mta-sts.grapheneos.org \
-    -d mta-sts.mail.grapheneos.org \
    -d grapheneos.app \
    -d mta-sts.grapheneos.app \
    -d www.grapheneos.app \
--- a/certbot/mail.grapheneos.org
+++ b/certbot/mail.grapheneos.org
@ -1,4 +1,4 @@
-certbot certonly --standalone --no-eff-email \
+certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
    --key-type rsa --rsa-key-size 3072 --reuse-key --preferred-chain "ISRG Root X1" \
    --deploy-hook "/usr/local/bin/certbot-ocsp-fetcher -o /etc/nginx/ocsp-cache" \
    --cert-name mail.grapheneos.org \
--- a/certbot/mta-sts.mail.grapheneos.org
+++ b/certbot/mta-sts.mail.grapheneos.org
@ -0,0 +1,6 @@
+certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \
+    --key-type ecdsa --reuse-key --must-staple --preferred-chain "ISRG Root X1" \
+    --deploy-hook "/usr/local/bin/certbot-ocsp-fetcher -o /etc/nginx/ocsp-cache" \
+    --cert-name mta-sts.mail.grapheneos.org \
+    -d mta-sts.mail.grapheneos.org \
+    -d mail.grapheneos.org