From b1452518fca328d8432e29a89c864f7ab6b7fda0 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Sat, 21 Jun 2025 18:16:58 -0400 Subject: [PATCH] certbot: switch to --required-profile --- certbot/0.grapheneos.network | 4 ++-- certbot/0.grapheneos.org | 2 +- certbot/0.ns1.grapheneos.org | 2 +- certbot/0.ns2.grapheneos.org | 2 +- certbot/4.releases.grapheneos.org | 2 +- certbot/attestation.app | 2 +- certbot/discuss.grapheneos.org | 2 +- certbot/grapheneos.social | 2 +- certbot/mail.grapheneos.org | 2 +- certbot/matrix.grapheneos.org | 2 +- certbot/ns1.staging.grapheneos.org | 2 +- certbot/staging.attestation.app | 2 +- certbot/staging.grapheneos.org | 2 +- 13 files changed, 14 insertions(+), 14 deletions(-) diff --git a/certbot/0.grapheneos.network b/certbot/0.grapheneos.network index 5317683..8ff56ab 100644 --- a/certbot/0.grapheneos.network +++ b/certbot/0.grapheneos.network @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload" \ --cert-name grapheneos.network \ -d grapheneos.network \ @@ -21,7 +21,7 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ -d dl.vanadium.app certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type rsa --rsa-key-size 3072 --reuse-key --preferred-profile tlsserver \ + --key-type rsa --rsa-key-size 3072 --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload" \ --cert-name supl.grapheneos.org \ -d supl.grapheneos.org diff --git a/certbot/0.grapheneos.org b/certbot/0.grapheneos.org index e00ef36..b20f255 100644 --- a/certbot/0.grapheneos.org +++ b/certbot/0.grapheneos.org @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload" \ --cert-name grapheneos.org \ -d grapheneos.org \ diff --git a/certbot/0.ns1.grapheneos.org b/certbot/0.ns1.grapheneos.org index 2e1372d..da71297 100644 --- a/certbot/0.ns1.grapheneos.org +++ b/certbot/0.ns1.grapheneos.org @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload; rsync -rLvc --delete --chmod=D750,F640 --chown root:dnsdist /etc/letsencrypt/live/ /etc/letsencrypt/dnsdist/; dnsdist -c -e 'reloadAllCertificates()'" \ --cert-name ns1.grapheneos.org \ -d ns1.grapheneos.org \ diff --git a/certbot/0.ns2.grapheneos.org b/certbot/0.ns2.grapheneos.org index ecdd636..686dede 100644 --- a/certbot/0.ns2.grapheneos.org +++ b/certbot/0.ns2.grapheneos.org @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload; rsync -rLvc --delete --chmod=D750,F640 --chown root:dnsdist /etc/letsencrypt/live/ /etc/letsencrypt/dnsdist/; dnsdist -c -e 'reloadAllCertificates()'" \ --cert-name ns2.grapheneos.org \ -d ns2.grapheneos.org \ diff --git a/certbot/4.releases.grapheneos.org b/certbot/4.releases.grapheneos.org index 08fb954..cefa27e 100644 --- a/certbot/4.releases.grapheneos.org +++ b/certbot/4.releases.grapheneos.org @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload" \ --cert-name releases.grapheneos.org \ -d releases.grapheneos.org \ diff --git a/certbot/attestation.app b/certbot/attestation.app index c69cc1c..317372e 100644 --- a/certbot/attestation.app +++ b/certbot/attestation.app @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload" \ --cert-name attestation.app \ -d attestation.app \ diff --git a/certbot/discuss.grapheneos.org b/certbot/discuss.grapheneos.org index 2acf4ea..f6d5d12 100644 --- a/certbot/discuss.grapheneos.org +++ b/certbot/discuss.grapheneos.org @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload" \ --cert-name discuss.grapheneos.org \ -d discuss.grapheneos.org diff --git a/certbot/grapheneos.social b/certbot/grapheneos.social index 49fb7b4..bb40b06 100644 --- a/certbot/grapheneos.social +++ b/certbot/grapheneos.social @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload" \ --cert-name grapheneos.social \ -d grapheneos.social \ diff --git a/certbot/mail.grapheneos.org b/certbot/mail.grapheneos.org index a441a93..3f9f9bc 100644 --- a/certbot/mail.grapheneos.org +++ b/certbot/mail.grapheneos.org @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload" \ --cert-name mta-sts.mail.grapheneos.org \ -d mail.grapheneos.org \ diff --git a/certbot/matrix.grapheneos.org b/certbot/matrix.grapheneos.org index 4e396ae..2b092d7 100644 --- a/certbot/matrix.grapheneos.org +++ b/certbot/matrix.grapheneos.org @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload" \ --cert-name matrix.grapheneos.org \ -d matrix.grapheneos.org \ diff --git a/certbot/ns1.staging.grapheneos.org b/certbot/ns1.staging.grapheneos.org index b6991cc..5323d6b 100644 --- a/certbot/ns1.staging.grapheneos.org +++ b/certbot/ns1.staging.grapheneos.org @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload; rsync -rLvc --delete --chmod=D750,F640 --chown root:dnsdist /etc/letsencrypt/live/ /etc/letsencrypt/dnsdist/; dnsdist -c -e 'reloadAllCertificates()'" \ --cert-name ns1.staging.grapheneos.org \ -d ns1.staging.grapheneos.org \ diff --git a/certbot/staging.attestation.app b/certbot/staging.attestation.app index 7173d69..a678498 100644 --- a/certbot/staging.attestation.app +++ b/certbot/staging.attestation.app @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload" \ --cert-name staging.attestation.app \ -d staging.attestation.app diff --git a/certbot/staging.grapheneos.org b/certbot/staging.grapheneos.org index 767e381..4627417 100644 --- a/certbot/staging.grapheneos.org +++ b/certbot/staging.grapheneos.org @@ -1,5 +1,5 @@ certbot certonly --webroot --webroot-path /srv/certbot --no-eff-email \ - --key-type ecdsa --reuse-key --preferred-profile tlsserver \ + --key-type ecdsa --reuse-key --required-profile tlsserver \ --deploy-hook "nginx -s reload" \ --cert-name staging.grapheneos.org \ -d staging.grapheneos.org