renewed demo.bitmask.net certificate

author: elijah <elijah@riseup.net> 2016-08-31 14:20:52 -0700
committer: elijah <elijah@riseup.net> 2016-08-31 14:20:52 -0700
commit: 30188a14256f4c423ba80a17aa0ddeaf3b9f1267 (patch)
tree: 2fda3a670cacd2df73ea3ba83bffba974a4e816c
parent: 360053766a93e41857c05276f72befeb926550b3 (diff)
17 files changed, 297 insertions, 152 deletions
diff --git a/common.json b/common.json
index a5147b4..b991b29 100644
--- a/common.json
+++ b/common.json
@@ -6,11 +6,5 @@
     "mosh": {
       "enabled": true
     }
-  },
-  //
-  // if you don't want to use let's encrypt, apply the tag 'comodo'
-  //
-  "x509": {
-    "commercial_ca_cert": "= x509.use_commercial ? file('cert/lets_encrypt_ca.crt') : nil"
   }
 }
diff --git a/files/ca/lets-encrypt-account.json b/files/ca/lets-encrypt-account.json
new file mode 100644
index 0000000..d7e90b5
--- /dev/null
+++ b/files/ca/lets-encrypt-account.json
@@ -0,0 +1,12 @@
+{
+  "contact": [
+    "mailto:sysdev@leap.se"
+  ],
+  "id": 3825914,
+  "key": {
+    "e": "AQAB",
+    "kty": "RSA",
+    "n": "x2XSRQoxXHzTaslZMjQIeMN14BaratKb4M1Bm1dkQUMEB9DEFqzbctTgjM8o9zBJkNcs800B--dGlfPmr_YFszZzXiA8MiHZKKrJHKuHsNDJ_CKi6IilqM4ZUI34BZGHaSF7HXuVQeUYJoAcw8DoT2vAfYSPED3ksUeNtEOOIN_nDAkS8RufQTfD3VpaU984KLOMiSy3As48_unFW6bilEemQo7XG7Dn6uIqDL5qhhOw0rKmF-q2sfk8f-_kABnitP_JRUhIKH3-oJabmeo8PMKGjCo39p5fWPoBc3gV5sWzxQSIIFJzUzBq-I7Xim-OvOKpEgC_HgPPSCgVZUJgZS1JOFJmit9xEO0krHi0X2Z6qq8HdaPzFTw05-vtWPHKl9aO6jI7ySjLKZ1XJIgeGiarx9ClvfsFh_7Bqfk0AGF2fQWpGNcvZ3SzTnE0paOXukFsGpD_5bLUtT7Or5dOn_WQE55ehpZPNaQdI3df3DMt5R4LSCMm9ZKBRIz1wWyIPy6qVkTkdLji_1SgH6851DxDnGJzB08i2cqoV2gWrtzaIV1TjCeam5FXnJgGHQwDHr5ydc1UUcljo0HgcDEg4WmWhbbkvDOZcXHDQR5WYOzpuz-Xm6Y6u09xui09wkmwYYMldxNTqnGoo6qJh3-b4XZKbva5hmD6LimljvyyOP8"
+  },
+  "uri": "https://acme-v01.api.letsencrypt.org/acme/reg/3825914"
+}
+\ No newline at end of file
diff --git a/files/ca/lets-encrypt-account.key b/files/ca/lets-encrypt-account.key
new file mode 100644
index 0000000..c6b0bc9
--- /dev/null
+++ b/files/ca/lets-encrypt-account.key
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAx2XSRQoxXHzTaslZMjQIeMN14BaratKb4M1Bm1dkQUMEB9DE
+FqzbctTgjM8o9zBJkNcs800B++dGlfPmr/YFszZzXiA8MiHZKKrJHKuHsNDJ/CKi
+6IilqM4ZUI34BZGHaSF7HXuVQeUYJoAcw8DoT2vAfYSPED3ksUeNtEOOIN/nDAkS
+8RufQTfD3VpaU984KLOMiSy3As48/unFW6bilEemQo7XG7Dn6uIqDL5qhhOw0rKm
+F+q2sfk8f+/kABnitP/JRUhIKH3+oJabmeo8PMKGjCo39p5fWPoBc3gV5sWzxQSI
+IFJzUzBq+I7Xim+OvOKpEgC/HgPPSCgVZUJgZS1JOFJmit9xEO0krHi0X2Z6qq8H
+daPzFTw05+vtWPHKl9aO6jI7ySjLKZ1XJIgeGiarx9ClvfsFh/7Bqfk0AGF2fQWp
+GNcvZ3SzTnE0paOXukFsGpD/5bLUtT7Or5dOn/WQE55ehpZPNaQdI3df3DMt5R4L
+SCMm9ZKBRIz1wWyIPy6qVkTkdLji/1SgH6851DxDnGJzB08i2cqoV2gWrtzaIV1T
+jCeam5FXnJgGHQwDHr5ydc1UUcljo0HgcDEg4WmWhbbkvDOZcXHDQR5WYOzpuz+X
+m6Y6u09xui09wkmwYYMldxNTqnGoo6qJh3+b4XZKbva5hmD6LimljvyyOP8CAwEA
+AQKCAgA1rRk/cJD9HrUi5/TU6ODm8WcH3dJjPTKs/1QL5yib0NiC6hX/LKUecmPI
+Q/P5JsyG6wW0sSQ5lXaQ40lUUNwT9DJ2QiMyM55rrh3ZU+uBE5NsBj7obfB6UpDJ
++I2tohFboaGsvBnf1TX9FzunDoT67DyzDT4d1yt69ZIV1qGqA9wEh2TL9u2V9tcI
+/UuXjF1nx32rZ5gUb0RIMtHn7DLOS8Nb42vQjny/5AYBzDiMwzw0W9cOVSa9HiTF
+I+SyikVXCAw8VEroa5Jh1Gkqs71ndc4WaT8LanKsVxCQ7uCmcM4F2URzvv5AhKYn
+JvyqzYEVI8bzi7Pm9ouUFwY7bfTYjgSJ6zQ1SpeP9PftschKEUaaj+bE5pCqta63
+O5J2DLwYTlN7nSmD2Jft8sNlj2Pxx0aQGieKvluL2XqhRnmJksIEOLcpg/zDtMeu
+vZGF2sx8lHr0hUSq02g8NjfChs1bgskh4bMAgTn5M15RBFOsdGRuG32VhoAt9iBb
+s30oM7h0epc3POFgMtGpIAXUY80VWxRC4aOJpVWsy/zKKTdFUoNArxtlY5rwYlrh
+CCuaSnWelph3GwZN83yTbqKzCr0HS0BMwQgs2P9qVVPeWw3kVcXJKbKAqtZw5Nqd
+8ASWH9dIingEKoJRiIVENuX3PuNUFKbIlXn0FMzQJD+zHzEI0QKCAQEA5F+rfElO
+I3wRv1AZGc+RHoHXCX6COQoayfGKIze+cpR4ld68aCPmMTSB4e9rKrEaVWSbn4yn
++v8qI1juxIOR13mvNmIbUTnVeTOOzXP5wbV0WKcntEJd6Qt0STdHI6b+/K6s1zQb
+zKQXKqlx+5dr3gIy1V8t1dNCjMWoLTOGUiILO2q3wwIebjn+QkSEuy+xrg3FEB3h
+9OATzaVn0qSfLWPThKv64c6v45Z6H/Bq7Q4Aw9afk4UIvDMpfhyUPI13Zz1TK7pX
+d8QWnjUdlNSyz4q8TGJChWHr7DPdTTdNmEvuaNAdPWxX5Tqw/YIF1Cfqw6j4j4Gd
++7sW+rNLz/YTswKCAQEA34TRIMj67jXLT0PVxsMzbYuXcskqBFqUX0MmYKRmLrt2
+Iy0eMghQ/JVe0dHDttlDGdsxLFCIhWAKYDv4DFZZDwdahmmyZggIT3BCC3jhVehR
+j9qOJ2VVDqsMOG3ASstDSciUCinzKD45Pe9+e6+VvZtV4U03WfwTg9PJ0v3CPoWL
+HbYs1AGqML7yA5nZyl9EiZn3ZFlV3TdlHnNOOSo5kRjds5BQXZ5bVdRbGqejlIaH
+hw7peX3k/OaLTiNuo5NMK708KNOmRtB1t/tSp6gOPUOdam8nbH2DCruSty8kYkJJ
+HLSA8vnsunmpexwF0mu1G/AQckSRUdFncR4110OPhQKCAQEAnj+hD/Wn/LTLg3tY
+eWc40x/7x2tvh2D2ITuLkk3dXX5+dLOscKl3qF8PJWWHKEUiz0tw/0UzXZ0VMPs+
+MNRO6jY68H9ZGJbv0xWj/cBAsDcx0QC7ZZCbjJJQWS/BzvW4OZY81L8aCFsoZnqW
+LlXF/Egfu3VByKqksfGBURkkGaPXjqurfKjqN01eX8MlCqTJBagrBrj+S3Y+osDc
+Sb2jQ4uqFYQqy/AyN42dQKaTIYMTiqEdYNbNr8PwG6BoI/GPbO20xVdRpv8tASIj
+Rm+BHImxY2ivWcf5+GoUDp6k2US8hsq3iEmcOo7J+FDyAwpKBpz+6EpUFAyXps85
+WHjXOwKCAQEA0YySBvuFDMhQB8rf40zjrQKehJWFl7lXuouYsifOSGelFMtasKtN
+Sc+7qlfO9WBwYRA25IXHx8rHT3tJTD+zlLxfKP50quVC7T6gHGNCVijMNmI+vT5p
+5KuFdG2oRjaTqduqtnCnrwXO4nriCJEPgEfd1rBugSUrIn7uiqkubzEBwGQnWMcK
+yFJrT+bv4KM5/QrkfSanshIZ8ddF8Z/dgmNejdZxEaPBmxDQLIgXeso4yuy3BBh8
+EoEM/r+HHUGduq/Zc6khDOioREkRL28FkngOX1dADZ0JuokpviUrJhdgtdGfxqt6
+PUSMGIeoCaLCkyOYN5iC6MK6CLm63kpPhQKCAQEAkaSCnjggMgChojH+Vlyu844y
+SBVUcT0Yrg0xQeKmvU7sVM446/sQt62CqCp5x3APbhRIEpL6Ih72+gD+cVO/7tAR
+/br4pdvaUTh8H7ypl6oxnchNipg2CqDyBUOvH+op+U3sOXaHKMEs8x2ZuJLewxtZ
+YWlOeSLiNde0JLaAaCeWt+hoc2U5ufLP0JvGncn4MQp2dKNMStWV35EMUZWeChR9
+F7Rv0GC1roKIWgnKcWqqUlJOdSINBhkBw3PacuaAxE0/KZKGLlC4w5ArfmSvMDc/
+5HAAFy8kC+rpW2O4A3z5RDrg919IHWU7CTeqADhHKcOi41i9+gq1NCZEA6k79w==
+-----END RSA PRIVATE KEY-----
diff --git a/files/cert/demo.bitmask.net.crt b/files/cert/demo.bitmask.net.crt
index 2b38857..7efab84 100644
--- a/files/cert/demo.bitmask.net.crt
+++ b/files/cert/demo.bitmask.net.crt
@@ -1,31 +1,62 @@
 -----BEGIN CERTIFICATE-----
-MIIFZDCCBEygAwIBAgISA78eQ6wk8YCqT9w8r5h6QRfiMA0GCSqGSIb3DQEBCwUA
+MIIGBDCCBOygAwIBAgISA4c52n7fEOGJjswDqZD7ZryFMA0GCSqGSIb3DQEBCwUA
 MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjA3MTMyMDQ4MDBaFw0x
-NjEwMTEyMDQ4MDBaMBsxGTAXBgNVBAMTEGRlbW8uYml0bWFzay5uZXQwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTogAswbQSKrLS8AZf73L+MKf1HPEu
-zsQt68QRS8PZPz6BcyZ9PFLksXb8J3kucWIwWuT3DqPsCq2DkllzldN4Felb4k7p
-1ktNzi53sMxzQmVU5MOGm6g3hCTjbWb12mZNyuF4moa5EV6XrZIu5EcpQoTyHG4R
-V6RFuKJv+36kZzlytXpWzT3rgRorFNFxgF0ZDNlnvBPfzEYCp+Lufqae4xVh7sQw
-5BtFD/wKSownuVLgQaM3v+5whe5PNAapBlqI9BmZAC36JoKa3XvCqt+vl1x4wDTA
-mgSUyIIKjCVNv76asRrRtzRfV7wn/J6CfYCnqYTVYKtv4CZ3AB5SfcvjAgMBAAGj
-ggJxMIICbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGcwIPWo3Xb+fQfuHyTJq1Vq
-bR+/MB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMHAGCCsGAQUFBwEB
-BGQwYjAvBggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0
-Lm9yZy8wLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw
-dC5vcmcvMHsGA1UdEQR0MHKCFGFwaS5kZW1vLmJpdG1hc2submV0ghBkZW1vLmJp
-dG1hc2submV0ghhuaWNrbnltLmRlbW8uYml0bWFzay5uZXSCGHdhbGxhYnkuZGVt
-by5iaXRtYXNrLm5ldIIUd3d3LmRlbW8uYml0bWFzay5uZXQwgf4GA1UdIASB9jCB
-8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRw
-Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENl
-cnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFy
-dGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRl
-IFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0
-b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEATurnMUYbPVctxKvtYIkRJ1MCOUJqg5OM
-ZXIqqbqBD3KfS0ylfuUbY/5WeGt+wIH3YQL5nlYG2eVbO4WdZNlVow8oo8yGwNRK
-vkYiturL9TI02WcQ5+zmBHlTxbEdrXGfpHpCnx76Gu78ywcoSsGKjBepv04+LTt0
-1HcUR/e6fup0r4DIIoX9UwS0zVaIJFHxe7ZzvOo5A+vSgnYONo9Alw0aK5oldnmI
-d05hhSwqgM074mbWJKWsEEdxlUrWxvQE7LqAGO+T/koctxrnuaaeyo8js6NOgO54
-Xg75gRgGqJcSW7WQxZzoNvRzlLHQjVWAHeKpD/p96/5BNCGxxlLCrQ==
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjA4MzEyMDE2MDBaFw0x
+NjExMjkyMDE2MDBaMBsxGTAXBgNVBAMTEGRlbW8uYml0bWFzay5uZXQwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCtPNOYXF7Gse1oYyj7CKkEEO9Br/3a
+qpfxscTwzgDlufrfGOfLFVQrE6YlcZOJw2ADB1RE/b4vOYKvQ/HpbzdnfSZpJtAT
+ngEHQIwmvHIdHmpxFHChyUwbdVtxH4Zb539JF2CyYsw9kp81uocFpduLxANwMhfV
+ZqzTIeS0lOB3hcWIPeEc8kRkB0M5XI+iE7rg1jWwdrJWjEqmBbgWhr2W6j5uUKCl
+/jBEUZI6kZB1bDdy4jmvHInQCZNnh8o3YHyopW3kbSdQuPXo1FKrFrOo6uvV5QvX
+hKdlUOsR+lakGG8nK6sQh0FlNUo4JEuB7Gpy414BE7kDmrd7zu2jA1ezvpHsi47t
+LZRcxtOPb1KS/5ZSxwZnJFN1o8/nKJi4e+SdWj7xzJYSysgQu4K1APi5kOq942V0
+mdARcsSX0Mxw4WlS68nx8ZfcAcg+uE3mcR0kEvQ6EuKiB84EdgFqZm75RJZd9tAD
+0Sp8cvEDtZ1Y/3M048WTFn7J3F/xkl8fmz+b+RgYbEAxb3DCKPjbAQV1c11NYMdj
+fxi0kJIbbjZzqqT6AZijcfEinxoVh9eaYVlnKefTXXumO8+G9HmgET+pTPOhg0xT
+utqfP46QNd89gLQaNQik/xvtRxujGkvhm5TPF0YWtD8pr6JZK7V9ENBFqjy+1fID
+5cQwb5sJzzbfYQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
+MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ5
+AmOl5jUq83up0czS1eGi1ArFtTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv
+86jsoTBwBggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmlu
+dC14My5sZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5p
+bnQteDMubGV0c2VuY3J5cHQub3JnLzAbBgNVHREEFDASghBkZW1vLmJpdG1hc2su
+bmV0MIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAm
+BggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUF
+BwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBv
+biBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRo
+IHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5j
+cnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAHtHGId40wTs
+4jX/DibaasJVQ7f89QZWzFH/+9oXYJGW7fFRtxkyD5yUpQR13Z95JYEXe3Grs4Gq
+Jt1QY5SBDui8uYI3h940d/VDw66W6A87NEZam4Vhdcx6m92LzSdQySxY2/9zZqzr
+ZXs65CiNnDtjk44H5/io4hogsL2p/ZnRZrS/hrXywwa/01V9I5NhQUF30n6Ch426
+gLbvIlFdzdO92kKvNsU/vh+JnHFxDh16TQMJbyC7LKraqM0wy8DhkUKEaWMjM65K
+0PrjQmPCEL9CbgcSNEAehs00asnEidVqVJqJwYeYvT+oi+H+1SY7RT7/rl5y5K+d
+5FoZS43x9VA=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
 -----END CERTIFICATE-----
diff --git a/files/cert/demo.bitmask.net.csr b/files/cert/demo.bitmask.net.csr
index 2d8df2c..80a638d 100644
--- a/files/cert/demo.bitmask.net.csr
+++ b/files/cert/demo.bitmask.net.csr
@@ -1,28 +1,28 @@
 -----BEGIN CERTIFICATE REQUEST-----
 MIIEsDCCApgCAQAwLTEQMA4GA1UECgwHQml0bWFzazEZMBcGA1UEAwwQZGVtby5i
-aXRtYXNrLm5ldDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAPC8xrbP
-xuIwwKSr3CHC5Ub2lFCfd5uiEUZzI5rhzs8OoUfBNUIOYrjwGr/vDY8L6Z5Dk1XU
-GbobBZgH2qlFyuYztUzr0R7y22nisqcKTXUQ7xyS2+8/4RqQqR1pfEsjQEo/OXlE
-loV9vjGCAcv3pw3rllxUNb6CGWgoaxnHBM5A5R8EySyA9BGk7dfMzkEOVabXbaAr
-JFA9YyhehM5YOZvPJ1fayCln2PGgxvMBD0kHtWPCjPSWqPz3hyRcUsNXup1hZ8kf
-JA0REKprWsKi8gWTrUdsKq618rD/9q2IDDU2KcFQBrZ6baI90pham5tMAZ5ngxbO
-CnCD37nKdQN/enVdc0AfdH3tj3nsg9N0CpHh3BKEb//Egvs9BQv1yxlp0x/OWWf2
-uOk2FFN9aI2QHdMDiZSHO+maklKn5vrFimRiDE1A6ixwC+RLPalSQkWYNesGdvPx
-xEPyYPg1HGCJ/d8Q9x7eRP3sGgPJcvWZfYd3adUXZrKN9NBnBWMulX8fD8xjAl2P
-FyRRVFgdoFsXmLcRsRGG0EQ56agc32GGiK7ucXDvG+70K4AXc6qgzoTc8NtQOr75
-cuSkO92UCxwX5Fl/192EZ97gaYGbvaIodvd7c3jGlCnU+HI5rMAU8LR5igKYOejM
-v62RPWC5b2AVnjXuGjZOCAqq7/DvHK4UfFDtAgMBAAGgPjA8BgkqhkiG9w0BCQ4x
+aXRtYXNrLm5ldDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK0805hc
+Xsax7WhjKPsIqQQQ70Gv/dqql/GxxPDOAOW5+t8Y58sVVCsTpiVxk4nDYAMHVET9
+vi85gq9D8elvN2d9Jmkm0BOeAQdAjCa8ch0eanEUcKHJTBt1W3Efhlvnf0kXYLJi
+zD2SnzW6hwWl24vEA3AyF9VmrNMh5LSU4HeFxYg94RzyRGQHQzlcj6ITuuDWNbB2
+slaMSqYFuBaGvZbqPm5QoKX+MERRkjqRkHVsN3LiOa8cidAJk2eHyjdgfKilbeRt
+J1C49ejUUqsWs6jq69XlC9eEp2VQ6xH6VqQYbycrqxCHQWU1SjgkS4HsanLjXgET
+uQOat3vO7aMDV7O+keyLju0tlFzG049vUpL/llLHBmckU3Wjz+comLh75J1aPvHM
+lhLKyBC7grUA+LmQ6r3jZXSZ0BFyxJfQzHDhaVLryfHxl9wByD64TeZxHSQS9DoS
+4qIHzgR2AWpmbvlEll320APRKnxy8QO1nVj/czTjxZMWfsncX/GSXx+bP5v5GBhs
+QDFvcMIo+NsBBXVzXU1gx2N/GLSQkhtuNnOqpPoBmKNx8SKfGhWH15phWWcp59Nd
+e6Y7z4b0eaARP6lM86GDTFO62p8/jpA13z2AtBo1CKT/G+1HG6MaS+GblM8XRha0
+PymvolkrtX0Q0EWqPL7V8gPlxDBvmwnPNt9hAgMBAAGgPjA8BgkqhkiG9w0BCQ4x
 LzAtMAkGA1UdEwQCMAAwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMB
-MA0GCSqGSIb3DQEBCwUAA4ICAQAYj+yloV16saNNd2kJXClL+QEC5HOMzvPtm1bS
-LKPpDGOkAoW9J6EGCT8ajjO9EfVm2SxCt5YQh4J+6b1cINXN5qlVFbeLjiO2p2oE
-tVNzaLpj3bU/vukwLaqdLFebOl10sW1VcKJp8qAFfgCo3TnU+tQHYHfFPvUBlxKv
-dxYsYoWxbHRkImHWAyXWDpIpsW8L9KMSAk31qEx+LoZlDLJ3UTvCBwkeUnabOt+8
-9JI9JTEhsH2UuRVEPu1iZDgyu/ADuoYz+/KkNuyz+sV86xrK0AokcILqahA4cC6V
-x6cKIr6lE/xgUj4JKbVHgi7f4rzGCtZim7QpZoT3bQMefLkwrCxH+kU91fF+l/Y3
-PZQ3os/WI4A4QSM5krrJAVcmG4R/tJ4DV872j+XX2XnsXCAXPdaQvgmjX/VPy0HG
-DcVWceHvnYAz4NIbE69nX1h5KT84WsJ31VY5QjbswEIz14lxWGkoNs/L3wj8F3fc
-DyVH7ykFo1JJ11+jccs+X/pQfrrgZwqiiLZ0RRVjMcmoD3WtA7zJJfdbd+LiIDC/
-imv9QGNdEU3r5+hVbuN7L0NMFvfMQYqrHzXF5x9E21UCSO75qVejwgEhxHgQo6ZZ
-Obmw2Vx+tixBLN7ti7LQZthzkm11BrLC6UvofZ75YJTnbydufeOOeZpCI76as/xq
-H+017A==
+MA0GCSqGSIb3DQEBCwUAA4ICAQCaDJMd0B9FUKh9fTFH9otZTjhVyo15HpzCBksL
+sa0Akl+vDGwjMcnHKlVW7lHESYk3GWSD+L4ooiUJNV8IUKYyDhdryx38EHPpe2sz
+Tz7u92ZujcXurFVN6Ko3uzd/ezDaXT5zbDiEEgbJEidJdG3xiH0lebpKHdV69Voo
+2aehnPbVnB0YraQfGpqlS2wD2nIM2b3vr2gQvVGZ8Aba6gxK8tig/JkoGNB6TW5g
+SYbf6GG5u2JJrboxGzQgjCh7D0WqgslWVUNmOl46C2CqQrjMifEPZWj+Q4KmWcD8
+He6xWQKkh74zWZ352SuWDA1Fk9QeLm97zwpe9GmQJykW5LcMm8cwXUk5CTlQoGWZ
+TxWLHTJqZ4Xf5/jchay3Mkc+XwRKN4Rcm3whR7LPIDn/STak3D4OVt6Cmg0qC92x
+NAGNDDhdJeDo+AxutHXX1B8lppgjZuGkf/YlWJrT9FpV33m+4P6EjzreddR28suk
+4Cw6c8qS7jDETLUVau+HlPGRh1qL8gcKiy8EYrpwo5/U+ig3DnYzbdtI5GlFdVZT
+nya3EvX2A5im6HNBy6pOPWtRJULPqcDXzg4d9b2JCwZ4WNqmmCansZdFnqpk0q0K
+abMoCST9rRg56XLpC3fpyP5+By3GJ+yqcpXDgmrDxOxKGksCoSmAErQlfCosA1y6
+9leZFw==
 -----END CERTIFICATE REQUEST-----
diff --git a/files/cert/demo.bitmask.net.key b/files/cert/demo.bitmask.net.key
index bdaae24..062cf07 100644
--- a/files/cert/demo.bitmask.net.key
+++ b/files/cert/demo.bitmask.net.key
@@ -1,28 +1,51 @@
------BEGIN PRIVATE KEY-----
-MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDTogAswbQSKrLS
-8AZf73L+MKf1HPEuzsQt68QRS8PZPz6BcyZ9PFLksXb8J3kucWIwWuT3DqPsCq2D
-kllzldN4Felb4k7p1ktNzi53sMxzQmVU5MOGm6g3hCTjbWb12mZNyuF4moa5EV6X
-rZIu5EcpQoTyHG4RV6RFuKJv+36kZzlytXpWzT3rgRorFNFxgF0ZDNlnvBPfzEYC
-p+Lufqae4xVh7sQw5BtFD/wKSownuVLgQaM3v+5whe5PNAapBlqI9BmZAC36JoKa
-3XvCqt+vl1x4wDTAmgSUyIIKjCVNv76asRrRtzRfV7wn/J6CfYCnqYTVYKtv4CZ3
-AB5SfcvjAgMBAAECggEBAL2q77ss8uRhLhkMErqCEC4tjymHAcRwfLOnG/ZgT6rx
-GmTLvY/5s1TQk5GTEvEDnvs1SwT8Mv8F5tIHJHIJshdqk9TMcurxKlYV1eFhKyqV
-M9msmGuYL19p5+GHmAH49Tz8+aur2dgc8AjB/0RVRE1/F0UhI6gZQtlViwcPf0V4
-t3loVXNAIFuBYTtu1t1iH5DK0ML8wu2aOfwHTHFKsJ4INt0sm0thjL19iasNlsaB
-ads7q3p1btMKXeSEYYOxVsYglJ+NSqPtpEw7E3Z6JgULl1alc2Z3ePMqkLPpSXmg
-Mt7RtpTvC/g5M9E7ss+7i3M4pm2xjFjFyc/jexpD0UkCgYEA+VVLEdxaVhAga2XP
-ceNkNNt7qLWFQX+nhXFR1TyZm6SE1PxSoCZa/7Km1KqSbty0Wgws2Fv1UzAqJp0n
-yDIZwdq0u2nijAsBmEL7Epf5L/JPUSCL+Vs1hP+tiXCgv75otu8B0G/OZ6DE4Iz6
-la1XrMn2v9offeB4Juq0XiEgatcCgYEA2UqlMDKzOOkK+0KANUoIoG/WTS4hTLFN
-upUR+IJ9jJ2ocYMHNO49kIrbLWmL79L6wQKJbKOWk7w0xo3XD4tZW5193ui/RxH/
-lVa/41N5dpftCBQ2H5j3zGY2tsI+tXqV/vQVDFBR4Xa+bQJvL4sf8nWywyQB2i8T
-vqaGQXgEcdUCgYEA1s3Jr+iEFzMrivsaXgbGVNdmULGZzRT6MPewxaHAwJtbKNb9
-JCYHLdUu73bIUyRnaFCm7ftDfli3Z67rEAlBsYYHQJL3bykoRZInFhzBvLHn7X+5
-t6kBkcRoMElM5ARZ2IhOqtE4JIUYOFCcrgi5yQ3yO9TiXqLdQMHhhFrLv98CgYEA
-szjtTPbUemFFLH7qTonU2bfE833T+3TWnsmru+Std1jmgVHIlPDYGKtfInLG+DV1
-m9Li1JeNcCcxBIAjXW/bcURSeJRSiGUhAOU/eln0ekvPNvWsup0p7g50nINUw8zr
-gRGDdtec4bFWWYVDfdxrqklH+8psOLDRwVOKst8yE00CgYEAuBjCMuz48InN+xeM
-WXhlby6TgZBoRyTZrTACtJBYGTKUlmOwwMgXVwF3BCvDhOKaLcUXD+nQOA4zWo0R
-zWmo1f6sQ5LWWdvujapWSDL9l7ZZdY8ZwAk4uidBk+2nx5D3ACnh6xmr4b28VqKz
-wbakjQdJc37xZwm2AxiBA8tBv0E=
------END PRIVATE KEY-----
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEArTzTmFxexrHtaGMo+wipBBDvQa/92qqX8bHE8M4A5bn63xjn
+yxVUKxOmJXGTicNgAwdURP2+LzmCr0Px6W83Z30maSbQE54BB0CMJrxyHR5qcRRw
+oclMG3VbcR+GW+d/SRdgsmLMPZKfNbqHBaXbi8QDcDIX1Was0yHktJTgd4XFiD3h
+HPJEZAdDOVyPohO64NY1sHayVoxKpgW4Foa9luo+blCgpf4wRFGSOpGQdWw3cuI5
+rxyJ0AmTZ4fKN2B8qKVt5G0nULj16NRSqxazqOrr1eUL14SnZVDrEfpWpBhvJyur
+EIdBZTVKOCRLgexqcuNeARO5A5q3e87towNXs76R7IuO7S2UXMbTj29Skv+WUscG
+ZyRTdaPP5yiYuHvknVo+8cyWEsrIELuCtQD4uZDqveNldJnQEXLEl9DMcOFpUuvJ
+8fGX3AHIPrhN5nEdJBL0OhLiogfOBHYBamZu+USWXfbQA9EqfHLxA7WdWP9zNOPF
+kxZ+ydxf8ZJfH5s/m/kYGGxAMW9wwij42wEFdXNdTWDHY38YtJCSG242c6qk+gGY
+o3HxIp8aFYfXmmFZZynn0117pjvPhvR5oBE/qUzzoYNMU7ranz+OkDXfPYC0GjUI
+pP8b7UcboxpL4ZuUzxdGFrQ/Ka+iWSu1fRDQRao8vtXyA+XEMG+bCc8232ECAwEA
+AQKCAgEAl2qs/2TtKfpmqXDSZuhg4j7zAJUU6sVk3Uol+tv0CNcPoWQhZW4VDTm1
+ZNDqxeTQzJThYRPv4VMBGLPog8JDyN6obgwQnrTh7TbLySe5Dh6BpqjY8XACZ5Wi
+ATQuubGTnY0jZYfZQJAhPFL2pUccqAMBhlUiY9HEiR38yqG9uHph9v0u/5/5ivyW
+E1MF8AISu2Y/sydsJR2mOYqSJo5Ks9e2DbHHWI7eHTi2+R42B4w4wt9cz+O/yOg1
+wK39X32kN7uwW5HUZUflGEZMo2HKUoBS9benLA60SWf6rtICXJdGwBP5Bw9RZ2a2
+om+G196OBDEa/xIAClh2u25YYr0PL4kMXlQtmAl171Bz4STamxzXMiCriikblT8O
+pKyxZvGS6iK1aMSTFuBLMg7ao8FICLhdeZY6yzwb5ZGwVMi7FsyFgIly+dkppMey
+sRBuRmGlX9hY03NJAQ+tpaLUsuTExSwPq07embqeD+8YoxIR9whenbgsdZLVk/qh
+TqC/3O1nJCGVul2YuwXrdur0kx9wJZ5OlkRiyHufL4m4cMZ3pYFpsSpHGeJXseWA
+kH1U4XX5hW1ne4wXAJum2ZBBW9FRMeGvcePTt1SjJVJFaKI2iBYD+mLM3L0fyNOK
+faovociKm3bDyPnZKeRkLqODBIocoHHb5kvzQR7YMCdAbBNymykCggEBAOFcecEG
+nEpIX8v1oxm4v5FgreLLA654sQIOM6brBOX10jlmZXYpqpgYt6TBI6W+A+xGrQxg
+DGpAWqdPEt/6poSQWbB0v9H34Rbs+r2YMEqGkaNjYaXL3n+ZwC+yZpQqlvdw0wz2
+L9dZnEZkaAh+J2Hlqn/znDWoIgBSifKYWQS2dY+C/4LT5XI9z/PCUJoLolgghF2p
+BfhMgKKqUlKrr77nIERFI1O1hqdq9DeGkgwHTFZFPUTRedQNyrkp2if2goBZ/H9o
+T6nW1b4lSPsrB41henWtj5tqsoXXcHyQ6md/be5ss0Ty0m1ettVy8ehI5HGMnZKI
+uUyyzjaJJzrBcHsCggEBAMTKOmW6N5jOQm/vP04DcLOD5ykDYLjtoE3TvWCZB2wF
+pBHk7hPH1rRDIZdWpVn/Lk65xud3POBBnPlbeuhB2eq9niouuEbiSMNw9a8vRt68
+Gx7cBpwHzv8rPf0qYyQdtWDnw62EqW7vPs6Pp8HxfNjZyIiwiVfmS0IvD4B2sMp8
+BZjQC5HuQYmQGL9mgwTq8lo5abVXoz4z6r0u5V3BLnEoRD9pfOBByx7LtvL+x4Sw
+YQhLjOsvPidZq8DqjmJJfGD+6qyTJ8p/uZI9GffAWPfRgmihpynFK8J1TtTEJTUw
+qv4ArFGa0dlGfWDznBvt/PxjnjGXKFrn00tK169OXtMCggEAejNb7hg4jWsbTwye
+aWctsZYcFBuDnorhaLzsszlDSbL3UJq+r8k+MQVOJ293dftIQ0m7sjcu5DqLLagK
+ExvmSYHAsJdOIHvqOTU9batlnDPGKzPLkkyvFL/5X6O8TeGeRQSP3LpuDLcRr3Xo
+l5pYnpQb1Q/zB4FpFoWrObn0o0KREsW06WsfQshTx9j5Pd7LJEBVpjft/cr2Ab6b
+rypbvQe1Dm/zDQQkxQmQ7b7x2MXoVetrorJ3/k2QPMF+Ayd/cjvZV/jnIbBV7Kpp
+HZEioj5WWhNICL1dmofM/i7SfFaz9JJKzztgcV/ngmy20f8cqJnYI8oxuG5ItXe/
+pvOXmwKCAQEAgKrA1/aTl2N06P8C4x04uQcLQzOkMAWehIRnFBu6UJS3m8OVLnXB
+GgeylOLgJiHEw1CQjpLVyMLdweRgTi+QLf1gxq/ZaO9XKAJZgPtmWQegq+Ksp6Qr
+YYeCdl8ah2itSPkAZhmRNqlS5Xfj9djRCnAKv+S9SC2ZE2L1vcbc/OduOWX9yqJ/
+U1RV+f8qtzJu1zMmvJzabTdAygU5jr1agj4TsWplbbNW/YGw0txm04kHSIctUjCH
+cO8eb3ptMjJeEoVaJw/oOmychtNQgT7QbOgdXhAj3hm+7NwKeO7ubQKvKniCMrEJ
+eAiwvY1KirBmcxcnPcFZb2aYLmh28XZKZQKCAQAg0PP7GiCjmlxTgz9KCdIamI3W
+ZTeEVwpU/xIL5tb4QCfZJgthJQ/MEpn3O34WsP5JzW7MbsGz38345ddBodVXk+Ee
+JDcL+IFSJum66r4kY6zfHnrWeOZYJaki0Dv5iIqnCBWsQIvNz1GOBtjDDisfPprO
+81lnis51mY52hMazIbzuoYXc0T9l3xkiwjJAOExnt/fZftErfgHOIn2etydwUvpk
+wub1xqwIQBVXvI/UqwO5/fSiV341cqijq5bPqvSJVHXEvCI2eUeHeExMKcF6PKKs
+DJhHUW+bmxWrKP6Wf3QzdDtJP6+Ikbgjn1BaJlVcmxf02pnpHb9lKL+Vrm8B
+-----END RSA PRIVATE KEY-----
diff --git a/hiera/cat.yaml b/hiera/cat.yaml
index f7e0f67..24ab76d 100644
--- a/hiera/cat.yaml
+++ b/hiera/cat.yaml
@@ -194,6 +194,7 @@ stunnel:
   servers: {}
 tags: 
   - dc
+  - letsencrypt
   - unstable
 testing: 
   api_hosts: 
diff --git a/hiera/donkey.yaml b/hiera/donkey.yaml
index 5506323..d411207 100644
--- a/hiera/donkey.yaml
+++ b/hiera/donkey.yaml
@@ -661,6 +661,7 @@ stunnel:
   servers: {}
 tags: 
   - dc
+  - letsencrypt
   - sandbox-braintree
   - unstable
 webapp: 
diff --git a/hiera/elephant.yaml b/hiera/elephant.yaml
index f8c506f..69593c0 100644
--- a/hiera/elephant.yaml
+++ b/hiera/elephant.yaml
@@ -297,6 +297,7 @@ stunnel:
 tags: 
   - development
   - istanbul
+  - letsencrypt
   - sandbox-braintree
 webapp: 
   admins: 
diff --git a/hiera/leech.yaml b/hiera/leech.yaml
index 42bb13e..6d47f68 100644
--- a/hiera/leech.yaml
+++ b/hiera/leech.yaml
@@ -565,7 +565,43 @@ x509:
       EKIJGN2AsueRKQCiPJcfo9exxoA2w0WWhwlM8kaVNeYrnMYzguOtagdc2ALqgVSy
       q7GLHLyfshfRK4jbBcR0FqAxIU1g0UyHYxx/sbg0xA6K/W0ViJVxZAfmmAQ=
       -----END RSA PRIVATE KEY-----
-  commercial_ca_cert: |
+  commercial_ca_cert: ~
+  commercial_cert: |
+      -----BEGIN CERTIFICATE-----
+      MIIGBDCCBOygAwIBAgISA4c52n7fEOGJjswDqZD7ZryFMA0GCSqGSIb3DQEBCwUA
+      MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+      ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjA4MzEyMDE2MDBaFw0x
+      NjExMjkyMDE2MDBaMBsxGTAXBgNVBAMTEGRlbW8uYml0bWFzay5uZXQwggIiMA0G
+      CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCtPNOYXF7Gse1oYyj7CKkEEO9Br/3a
+      qpfxscTwzgDlufrfGOfLFVQrE6YlcZOJw2ADB1RE/b4vOYKvQ/HpbzdnfSZpJtAT
+      ngEHQIwmvHIdHmpxFHChyUwbdVtxH4Zb539JF2CyYsw9kp81uocFpduLxANwMhfV
+      ZqzTIeS0lOB3hcWIPeEc8kRkB0M5XI+iE7rg1jWwdrJWjEqmBbgWhr2W6j5uUKCl
+      /jBEUZI6kZB1bDdy4jmvHInQCZNnh8o3YHyopW3kbSdQuPXo1FKrFrOo6uvV5QvX
+      hKdlUOsR+lakGG8nK6sQh0FlNUo4JEuB7Gpy414BE7kDmrd7zu2jA1ezvpHsi47t
+      LZRcxtOPb1KS/5ZSxwZnJFN1o8/nKJi4e+SdWj7xzJYSysgQu4K1APi5kOq942V0
+      mdARcsSX0Mxw4WlS68nx8ZfcAcg+uE3mcR0kEvQ6EuKiB84EdgFqZm75RJZd9tAD
+      0Sp8cvEDtZ1Y/3M048WTFn7J3F/xkl8fmz+b+RgYbEAxb3DCKPjbAQV1c11NYMdj
+      fxi0kJIbbjZzqqT6AZijcfEinxoVh9eaYVlnKefTXXumO8+G9HmgET+pTPOhg0xT
+      utqfP46QNd89gLQaNQik/xvtRxujGkvhm5TPF0YWtD8pr6JZK7V9ENBFqjy+1fID
+      5cQwb5sJzzbfYQIDAQABo4ICETCCAg0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQW
+      MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQ5
+      AmOl5jUq83up0czS1eGi1ArFtTAfBgNVHSMEGDAWgBSoSmpjBH3duubRObemRWXv
+      86jsoTBwBggrBgEFBQcBAQRkMGIwLwYIKwYBBQUHMAGGI2h0dHA6Ly9vY3NwLmlu
+      dC14My5sZXRzZW5jcnlwdC5vcmcvMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5p
+      bnQteDMubGV0c2VuY3J5cHQub3JnLzAbBgNVHREEFDASghBkZW1vLmJpdG1hc2su
+      bmV0MIH+BgNVHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAm
+      BggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUF
+      BwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBtYXkgb25seSBiZSByZWxpZWQgdXBv
+      biBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNjb3JkYW5jZSB3aXRo
+      IHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRzZW5j
+      cnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAHtHGId40wTs
+      4jX/DibaasJVQ7f89QZWzFH/+9oXYJGW7fFRtxkyD5yUpQR13Z95JYEXe3Grs4Gq
+      Jt1QY5SBDui8uYI3h940d/VDw66W6A87NEZam4Vhdcx6m92LzSdQySxY2/9zZqzr
+      ZXs65CiNnDtjk44H5/io4hogsL2p/ZnRZrS/hrXywwa/01V9I5NhQUF30n6Ch426
+      gLbvIlFdzdO92kKvNsU/vh+JnHFxDh16TQMJbyC7LKraqM0wy8DhkUKEaWMjM65K
+      0PrjQmPCEL9CbgcSNEAehs00asnEidVqVJqJwYeYvT+oi+H+1SY7RT7/rl5y5K+d
+      5FoZS43x9VA=
+      -----END CERTIFICATE-----
       -----BEGIN CERTIFICATE-----
       MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
       MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
@@ -593,67 +629,58 @@ x509:
       PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
       KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
       -----END CERTIFICATE-----
-  commercial_cert: |
-      -----BEGIN CERTIFICATE-----
-      MIIFZDCCBEygAwIBAgISA78eQ6wk8YCqT9w8r5h6QRfiMA0GCSqGSIb3DQEBCwUA
-      MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
-      ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xNjA3MTMyMDQ4MDBaFw0x
-      NjEwMTEyMDQ4MDBaMBsxGTAXBgNVBAMTEGRlbW8uYml0bWFzay5uZXQwggEiMA0G
-      CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTogAswbQSKrLS8AZf73L+MKf1HPEu
-      zsQt68QRS8PZPz6BcyZ9PFLksXb8J3kucWIwWuT3DqPsCq2DkllzldN4Felb4k7p
-      1ktNzi53sMxzQmVU5MOGm6g3hCTjbWb12mZNyuF4moa5EV6XrZIu5EcpQoTyHG4R
-      V6RFuKJv+36kZzlytXpWzT3rgRorFNFxgF0ZDNlnvBPfzEYCp+Lufqae4xVh7sQw
-      5BtFD/wKSownuVLgQaM3v+5whe5PNAapBlqI9BmZAC36JoKa3XvCqt+vl1x4wDTA
-      mgSUyIIKjCVNv76asRrRtzRfV7wn/J6CfYCnqYTVYKtv4CZ3AB5SfcvjAgMBAAGj
-      ggJxMIICbTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
-      AQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFGcwIPWo3Xb+fQfuHyTJq1Vq
-      bR+/MB8GA1UdIwQYMBaAFKhKamMEfd265tE5t6ZFZe/zqOyhMHAGCCsGAQUFBwEB
-      BGQwYjAvBggrBgEFBQcwAYYjaHR0cDovL29jc3AuaW50LXgzLmxldHNlbmNyeXB0
-      Lm9yZy8wLwYIKwYBBQUHMAKGI2h0dHA6Ly9jZXJ0LmludC14My5sZXRzZW5jcnlw
-      dC5vcmcvMHsGA1UdEQR0MHKCFGFwaS5kZW1vLmJpdG1hc2submV0ghBkZW1vLmJp
-      dG1hc2submV0ghhuaWNrbnltLmRlbW8uYml0bWFzay5uZXSCGHdhbGxhYnkuZGVt
-      by5iaXRtYXNrLm5ldIIUd3d3LmRlbW8uYml0bWFzay5uZXQwgf4GA1UdIASB9jCB
-      8zAIBgZngQwBAgEwgeYGCysGAQQBgt8TAQEBMIHWMCYGCCsGAQUFBwIBFhpodHRw
-      Oi8vY3BzLmxldHNlbmNyeXB0Lm9yZzCBqwYIKwYBBQUHAgIwgZ4MgZtUaGlzIENl
-      cnRpZmljYXRlIG1heSBvbmx5IGJlIHJlbGllZCB1cG9uIGJ5IFJlbHlpbmcgUGFy
-      dGllcyBhbmQgb25seSBpbiBhY2NvcmRhbmNlIHdpdGggdGhlIENlcnRpZmljYXRl
-      IFBvbGljeSBmb3VuZCBhdCBodHRwczovL2xldHNlbmNyeXB0Lm9yZy9yZXBvc2l0
-      b3J5LzANBgkqhkiG9w0BAQsFAAOCAQEATurnMUYbPVctxKvtYIkRJ1MCOUJqg5OM
-      ZXIqqbqBD3KfS0ylfuUbY/5WeGt+wIH3YQL5nlYG2eVbO4WdZNlVow8oo8yGwNRK
-      vkYiturL9TI02WcQ5+zmBHlTxbEdrXGfpHpCnx76Gu78ywcoSsGKjBepv04+LTt0
-      1HcUR/e6fup0r4DIIoX9UwS0zVaIJFHxe7ZzvOo5A+vSgnYONo9Alw0aK5oldnmI
-      d05hhSwqgM074mbWJKWsEEdxlUrWxvQE7LqAGO+T/koctxrnuaaeyo8js6NOgO54
-      Xg75gRgGqJcSW7WQxZzoNvRzlLHQjVWAHeKpD/p96/5BNCGxxlLCrQ==
-      -----END CERTIFICATE-----
   commercial_key: |
-      -----BEGIN PRIVATE KEY-----
-      MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQDTogAswbQSKrLS
-      8AZf73L+MKf1HPEuzsQt68QRS8PZPz6BcyZ9PFLksXb8J3kucWIwWuT3DqPsCq2D
-      kllzldN4Felb4k7p1ktNzi53sMxzQmVU5MOGm6g3hCTjbWb12mZNyuF4moa5EV6X
-      rZIu5EcpQoTyHG4RV6RFuKJv+36kZzlytXpWzT3rgRorFNFxgF0ZDNlnvBPfzEYC
-      p+Lufqae4xVh7sQw5BtFD/wKSownuVLgQaM3v+5whe5PNAapBlqI9BmZAC36JoKa
-      3XvCqt+vl1x4wDTAmgSUyIIKjCVNv76asRrRtzRfV7wn/J6CfYCnqYTVYKtv4CZ3
-      AB5SfcvjAgMBAAECggEBAL2q77ss8uRhLhkMErqCEC4tjymHAcRwfLOnG/ZgT6rx
-      GmTLvY/5s1TQk5GTEvEDnvs1SwT8Mv8F5tIHJHIJshdqk9TMcurxKlYV1eFhKyqV
-      M9msmGuYL19p5+GHmAH49Tz8+aur2dgc8AjB/0RVRE1/F0UhI6gZQtlViwcPf0V4
-      t3loVXNAIFuBYTtu1t1iH5DK0ML8wu2aOfwHTHFKsJ4INt0sm0thjL19iasNlsaB
-      ads7q3p1btMKXeSEYYOxVsYglJ+NSqPtpEw7E3Z6JgULl1alc2Z3ePMqkLPpSXmg
-      Mt7RtpTvC/g5M9E7ss+7i3M4pm2xjFjFyc/jexpD0UkCgYEA+VVLEdxaVhAga2XP
-      ceNkNNt7qLWFQX+nhXFR1TyZm6SE1PxSoCZa/7Km1KqSbty0Wgws2Fv1UzAqJp0n
-      yDIZwdq0u2nijAsBmEL7Epf5L/JPUSCL+Vs1hP+tiXCgv75otu8B0G/OZ6DE4Iz6
-      la1XrMn2v9offeB4Juq0XiEgatcCgYEA2UqlMDKzOOkK+0KANUoIoG/WTS4hTLFN
-      upUR+IJ9jJ2ocYMHNO49kIrbLWmL79L6wQKJbKOWk7w0xo3XD4tZW5193ui/RxH/
-      lVa/41N5dpftCBQ2H5j3zGY2tsI+tXqV/vQVDFBR4Xa+bQJvL4sf8nWywyQB2i8T
-      vqaGQXgEcdUCgYEA1s3Jr+iEFzMrivsaXgbGVNdmULGZzRT6MPewxaHAwJtbKNb9
-      JCYHLdUu73bIUyRnaFCm7ftDfli3Z67rEAlBsYYHQJL3bykoRZInFhzBvLHn7X+5
-      t6kBkcRoMElM5ARZ2IhOqtE4JIUYOFCcrgi5yQ3yO9TiXqLdQMHhhFrLv98CgYEA
-      szjtTPbUemFFLH7qTonU2bfE833T+3TWnsmru+Std1jmgVHIlPDYGKtfInLG+DV1
-      m9Li1JeNcCcxBIAjXW/bcURSeJRSiGUhAOU/eln0ekvPNvWsup0p7g50nINUw8zr
-      gRGDdtec4bFWWYVDfdxrqklH+8psOLDRwVOKst8yE00CgYEAuBjCMuz48InN+xeM
-      WXhlby6TgZBoRyTZrTACtJBYGTKUlmOwwMgXVwF3BCvDhOKaLcUXD+nQOA4zWo0R
-      zWmo1f6sQ5LWWdvujapWSDL9l7ZZdY8ZwAk4uidBk+2nx5D3ACnh6xmr4b28VqKz
-      wbakjQdJc37xZwm2AxiBA8tBv0E=
-      -----END PRIVATE KEY-----
+      -----BEGIN RSA PRIVATE KEY-----
+      MIIJKQIBAAKCAgEArTzTmFxexrHtaGMo+wipBBDvQa/92qqX8bHE8M4A5bn63xjn
+      yxVUKxOmJXGTicNgAwdURP2+LzmCr0Px6W83Z30maSbQE54BB0CMJrxyHR5qcRRw
+      oclMG3VbcR+GW+d/SRdgsmLMPZKfNbqHBaXbi8QDcDIX1Was0yHktJTgd4XFiD3h
+      HPJEZAdDOVyPohO64NY1sHayVoxKpgW4Foa9luo+blCgpf4wRFGSOpGQdWw3cuI5
+      rxyJ0AmTZ4fKN2B8qKVt5G0nULj16NRSqxazqOrr1eUL14SnZVDrEfpWpBhvJyur
+      EIdBZTVKOCRLgexqcuNeARO5A5q3e87towNXs76R7IuO7S2UXMbTj29Skv+WUscG
+      ZyRTdaPP5yiYuHvknVo+8cyWEsrIELuCtQD4uZDqveNldJnQEXLEl9DMcOFpUuvJ
+      8fGX3AHIPrhN5nEdJBL0OhLiogfOBHYBamZu+USWXfbQA9EqfHLxA7WdWP9zNOPF
+      kxZ+ydxf8ZJfH5s/m/kYGGxAMW9wwij42wEFdXNdTWDHY38YtJCSG242c6qk+gGY
+      o3HxIp8aFYfXmmFZZynn0117pjvPhvR5oBE/qUzzoYNMU7ranz+OkDXfPYC0GjUI
+      pP8b7UcboxpL4ZuUzxdGFrQ/Ka+iWSu1fRDQRao8vtXyA+XEMG+bCc8232ECAwEA
+      AQKCAgEAl2qs/2TtKfpmqXDSZuhg4j7zAJUU6sVk3Uol+tv0CNcPoWQhZW4VDTm1
+      ZNDqxeTQzJThYRPv4VMBGLPog8JDyN6obgwQnrTh7TbLySe5Dh6BpqjY8XACZ5Wi
+      ATQuubGTnY0jZYfZQJAhPFL2pUccqAMBhlUiY9HEiR38yqG9uHph9v0u/5/5ivyW
+      E1MF8AISu2Y/sydsJR2mOYqSJo5Ks9e2DbHHWI7eHTi2+R42B4w4wt9cz+O/yOg1
+      wK39X32kN7uwW5HUZUflGEZMo2HKUoBS9benLA60SWf6rtICXJdGwBP5Bw9RZ2a2
+      om+G196OBDEa/xIAClh2u25YYr0PL4kMXlQtmAl171Bz4STamxzXMiCriikblT8O
+      pKyxZvGS6iK1aMSTFuBLMg7ao8FICLhdeZY6yzwb5ZGwVMi7FsyFgIly+dkppMey
+      sRBuRmGlX9hY03NJAQ+tpaLUsuTExSwPq07embqeD+8YoxIR9whenbgsdZLVk/qh
+      TqC/3O1nJCGVul2YuwXrdur0kx9wJZ5OlkRiyHufL4m4cMZ3pYFpsSpHGeJXseWA
+      kH1U4XX5hW1ne4wXAJum2ZBBW9FRMeGvcePTt1SjJVJFaKI2iBYD+mLM3L0fyNOK
+      faovociKm3bDyPnZKeRkLqODBIocoHHb5kvzQR7YMCdAbBNymykCggEBAOFcecEG
+      nEpIX8v1oxm4v5FgreLLA654sQIOM6brBOX10jlmZXYpqpgYt6TBI6W+A+xGrQxg
+      DGpAWqdPEt/6poSQWbB0v9H34Rbs+r2YMEqGkaNjYaXL3n+ZwC+yZpQqlvdw0wz2
+      L9dZnEZkaAh+J2Hlqn/znDWoIgBSifKYWQS2dY+C/4LT5XI9z/PCUJoLolgghF2p
+      BfhMgKKqUlKrr77nIERFI1O1hqdq9DeGkgwHTFZFPUTRedQNyrkp2if2goBZ/H9o
+      T6nW1b4lSPsrB41henWtj5tqsoXXcHyQ6md/be5ss0Ty0m1ettVy8ehI5HGMnZKI
+      uUyyzjaJJzrBcHsCggEBAMTKOmW6N5jOQm/vP04DcLOD5ykDYLjtoE3TvWCZB2wF
+      pBHk7hPH1rRDIZdWpVn/Lk65xud3POBBnPlbeuhB2eq9niouuEbiSMNw9a8vRt68
+      Gx7cBpwHzv8rPf0qYyQdtWDnw62EqW7vPs6Pp8HxfNjZyIiwiVfmS0IvD4B2sMp8
+      BZjQC5HuQYmQGL9mgwTq8lo5abVXoz4z6r0u5V3BLnEoRD9pfOBByx7LtvL+x4Sw
+      YQhLjOsvPidZq8DqjmJJfGD+6qyTJ8p/uZI9GffAWPfRgmihpynFK8J1TtTEJTUw
+      qv4ArFGa0dlGfWDznBvt/PxjnjGXKFrn00tK169OXtMCggEAejNb7hg4jWsbTwye
+      aWctsZYcFBuDnorhaLzsszlDSbL3UJq+r8k+MQVOJ293dftIQ0m7sjcu5DqLLagK
+      ExvmSYHAsJdOIHvqOTU9batlnDPGKzPLkkyvFL/5X6O8TeGeRQSP3LpuDLcRr3Xo
+      l5pYnpQb1Q/zB4FpFoWrObn0o0KREsW06WsfQshTx9j5Pd7LJEBVpjft/cr2Ab6b
+      rypbvQe1Dm/zDQQkxQmQ7b7x2MXoVetrorJ3/k2QPMF+Ayd/cjvZV/jnIbBV7Kpp
+      HZEioj5WWhNICL1dmofM/i7SfFaz9JJKzztgcV/ngmy20f8cqJnYI8oxuG5ItXe/
+      pvOXmwKCAQEAgKrA1/aTl2N06P8C4x04uQcLQzOkMAWehIRnFBu6UJS3m8OVLnXB
+      GgeylOLgJiHEw1CQjpLVyMLdweRgTi+QLf1gxq/ZaO9XKAJZgPtmWQegq+Ksp6Qr
+      YYeCdl8ah2itSPkAZhmRNqlS5Xfj9djRCnAKv+S9SC2ZE2L1vcbc/OduOWX9yqJ/
+      U1RV+f8qtzJu1zMmvJzabTdAygU5jr1agj4TsWplbbNW/YGw0txm04kHSIctUjCH
+      cO8eb3ptMjJeEoVaJw/oOmychtNQgT7QbOgdXhAj3hm+7NwKeO7ubQKvKniCMrEJ
+      eAiwvY1KirBmcxcnPcFZb2aYLmh28XZKZQKCAQAg0PP7GiCjmlxTgz9KCdIamI3W
+      ZTeEVwpU/xIL5tb4QCfZJgthJQ/MEpn3O34WsP5JzW7MbsGz38345ddBodVXk+Ee
+      JDcL+IFSJum66r4kY6zfHnrWeOZYJaki0Dv5iIqnCBWsQIvNz1GOBtjDDisfPprO
+      81lnis51mY52hMazIbzuoYXc0T9l3xkiwjJAOExnt/fZftErfgHOIn2etydwUvpk
+      wub1xqwIQBVXvI/UqwO5/fSiV341cqijq5bPqvSJVHXEvCI2eUeHeExMKcF6PKKs
+      DJhHUW+bmxWrKP6Wf3QzdDtJP6+Ikbgjn1BaJlVcmxf02pnpHb9lKL+Vrm8B
+      -----END RSA PRIVATE KEY-----
   key: |
       -----BEGIN RSA PRIVATE KEY-----
       MIIJKgIBAAKCAgEAvNv8lkZuLh6x1M3DNiVWv8xQ8M0qGzwYCVbOjnRkLaFADSeR
diff --git a/hiera/mudskipper.yaml b/hiera/mudskipper.yaml
index 2d1d1c4..c02e126 100644
--- a/hiera/mudskipper.yaml
+++ b/hiera/mudskipper.yaml
@@ -311,6 +311,7 @@ stunnel:
   servers: {}
 tags: 
   - clientdev
+  - letsencrypt
   - seoul
 testing: 
   api_hosts: 
diff --git a/hiera/snail.yaml b/hiera/snail.yaml
index b5e2b95..83184fc 100644
--- a/hiera/snail.yaml
+++ b/hiera/snail.yaml
@@ -231,6 +231,7 @@ stunnel:
 tags: 
   - development
   - istanbul
+  - letsencrypt
 testing: 
   api_hosts: 
     - elephant.dev.bitmask.net
diff --git a/nodes/cat.json b/nodes/cat.json
index 33bfa3b..7a886d1 100644
--- a/nodes/cat.json
+++ b/nodes/cat.json
@@ -1,5 +1,5 @@
 {
   "ip_address": "199.119.112.206",
   "services": "mx",
-  "tags": ["unstable", "dc"]
+  "tags": ["unstable", "dc", "letsencrypt"]
 }
diff --git a/nodes/donkey.json b/nodes/donkey.json
index 4ad76dd..4bcb918 100644
--- a/nodes/donkey.json
+++ b/nodes/donkey.json
@@ -8,7 +8,8 @@
   "tags": [
     "dc",
     "sandbox-braintree",
-    "unstable"
+    "unstable",
+    "letsencrypt"
   ],
   "sources": {
     "webapp": {
diff --git a/nodes/elephant.json b/nodes/elephant.json
index 053641a..6763c5e 100644
--- a/nodes/elephant.json
+++ b/nodes/elephant.json
@@ -1,6 +1,6 @@
 {
   "services": "webapp",
-  "tags": ["development", "istanbul", "sandbox-braintree"],
+  "tags": ["development", "istanbul", "sandbox-braintree", "letsencrypt"],
   "ip_address": "176.53.69.13",
   "ssh": {
     "port": 4422
diff --git a/nodes/mudskipper.json b/nodes/mudskipper.json
index 6791fdd..8b5b13a 100644
--- a/nodes/mudskipper.json
+++ b/nodes/mudskipper.json
@@ -6,6 +6,7 @@
   ],
   "tags": [
     "clientdev",
-    "seoul"
+    "seoul",
+    "letsencrypt"
   ]
 }
diff --git a/nodes/snail.json b/nodes/snail.json
index aa4573d..b329d70 100644
--- a/nodes/snail.json
+++ b/nodes/snail.json
@@ -1,7 +1,7 @@
 {
   "services": ["openvpn","mx"],
   "ip_address": "176.53.69.14",
-  "tags": ["development", "istanbul"],
+  "tags": ["development", "istanbul", "letsencrypt"],
   "openvpn": {
     "gateway_address": "176.53.69.19",
     "allow_free": false,
author	elijah <elijah@riseup.net>	2016-08-31 14:20:52 -0700
committer	elijah <elijah@riseup.net>	2016-08-31 14:20:52 -0700
commit	30188a14256f4c423ba80a17aa0ddeaf3b9f1267 (patch)
tree	2fda3a670cacd2df73ea3ba83bffba974a4e816c
parent	360053766a93e41857c05276f72befeb926550b3 (diff)