Daniel Micay
c9d7aa52a6
remove duplicate domain
2025-05-08 22:26:56 -04:00
Daniel Micay
e9cbaebe22
split supl.grapheneos.org certificate for non-SNI
2025-05-08 22:26:56 -04:00
Daniel Micay
90a7780b5e
migrate to new tlsserver Let's Encrypt profile
We can no longer use OCSP stapling and Must-Staple. These will soon be
obsolete once the `shortlived` profile is available for public use since
it will provide certificates with a similar lifetime as OCSP responses.
In the meantime, we've moved to the `tlsserver` profile stripping legacy
features to prepare for the `shortlived` profile which will be identical
to `tlsserver` but with a validity period of 6 days.
The certificate for SUPL is still temporarily using the classic profile
to work around the older generations of end-of-life Snapdragon Pixels
not having support for SNI. We can eventually drop support for these
devices from the SUPL service to allow us to disable TLSv1.1, DHE and
move to the `tlsserver` or `shortlived` profile.
The certificate for SMTP is still temporarily using the classic profile
to avoid potential compatibility issues with servers supporting TLSv1.2
but still not yet supporting SNI.
2025-05-08 22:26:43 -04:00
Daniel Micay
566f1a10d2
rename ns1.grapheneos.org to 0.ns1.grapheneos.org
2025-05-03 18:13:18 -04:00
Daniel Micay
7cd1fcb8a3
temporarily rename releases certbot configuration
2025-04-30 23:30:49 -04:00
Daniel Micay
ed2aeeed88
add nominatim.grapheneos.org subdomain for network server
2024-11-20 02:40:40 -05:00
Daniel Micay
ce3ab7802c
certbot: add gs-loc.apple.grapheneos.org
2024-09-26 14:55:04 -04:00
Daniel Micay
1ed92eb04c
short ISRG Root X1 chain is now the default
2024-06-04 13:26:50 -04:00
Daniel Micay
38dc2fb4d2
add samsung.psds.grapheneos.org subdomain
2024-05-15 14:36:26 -04:00
Daniel Micay
8278883a84
add grapheneos.foundation domain
2024-04-13 19:18:03 -04:00
Daniel Micay
275d63e8b3
certbot: add ns2 variant of staging authoritative DNS
2024-04-08 17:06:43 -04:00
Daniel Micay
50de6d59c0
switch main domain for ECDSA mail server cert
2024-01-25 12:55:57 -05:00
Daniel Micay
c1a826278e
add widevineprovisioning.grapheneos.org
2023-12-02 02:16:42 -05:00
Daniel Micay
f9bd8e2476
switch domain order for nameserver certbot setup
2023-11-05 01:33:56 -05:00
Daniel Micay
ebd0c7d8d0
add staging nameserver certbot setup
2023-11-05 01:32:44 -05:00
Daniel Micay
38bb002a01
add authenticated DNS-over-TLS to nameservers
2023-11-05 00:51:33 -04:00
Daniel Micay
067b42213f
update ocsp cache path for certbot deploy hook
2023-08-21 03:20:50 -04:00
Daniel Micay
adec4b9bda
certbot: drop absolute path for deploy hook
2023-08-21 03:19:47 -04:00
Daniel Micay
48c9636fbd
set proper mail.grapheneos.org certbot hook
2023-07-06 18:54:48 -04:00
Daniel Micay
45c79b3909
drop legacy connectivity check subdomain
2023-07-03 17:03:17 -04:00
Daniel Micay
9cec692b28
fix staging.attestation.app name for certbot
2023-06-29 13:25:10 -04:00
Daniel Micay
82bf5e752c
add mail.grapheneos.net fallback name for MX
2023-06-23 11:59:52 -04:00
Daniel Micay
d128124200
move website server mta-sts to mail server
2023-06-21 14:53:07 -04:00
Daniel Micay
4abeaf06f5
move network server mta-sts to mail server
2023-06-21 14:43:06 -04:00
Daniel Micay
884906f160
move mta-sts.seamlessupdate.app to mail server
2023-06-21 14:37:46 -04:00
Daniel Micay
5c6f540cf3
move mta-sts.matrix.grapheneos.org to mail server
2023-06-21 14:31:49 -04:00
Daniel Micay
dc840b7925
move mta-sts.grapheneos.social to mail server
2023-06-21 14:20:43 -04:00
Daniel Micay
aa89e675d6
move mta-sts.discuss.grapheneos.org to mail server
2023-06-21 14:20:21 -04:00
Daniel Micay
95e0c68cb0
move mta-sts.attestation.app to mail server
2023-06-21 13:59:46 -04:00
Daniel Micay
3034c845c9
move mta-sts.mail.grapheneos.org to mail server
2023-06-21 13:51:09 -04:00
Daniel Micay
a07fa271e3
fix domain for mail.grapheneos.org certbot init
2023-06-21 13:40:43 -04:00
Daniel Micay
593701cd63
add certbot commands
2023-05-22 18:44:50 -04:00