feat(system/services/taskserver): Integrate Let's Encrypt certificates

The current setup now runs the `taskserver.vhack.eu` domain with a
Let's Encrypt certificate and additionally uses a self-signed CA
certificate to validate clients.

The shell scripts used to generate the CA certificate and the derived
client certificate (and keys) are taken nearly unmodified from the
upstream repository [1].

[1]: https://github.com/GothenburgBitFactory/taskserver/tree/9794cff61e56bdfb193c6aa4cebb57970ac68aef/pki

1 files changed, 52 insertions, 0 deletions

diff --git a/system/services/taskserver/ca.cert.pem b/system/services/taskserver/ca.cert.pem
new file mode 100644
index 0000000..d6e5513
--- /dev/null
+++ b/system/services/taskserver/ca.cert.pem
@@ -0,0 +1,52 @@
+-----BEGIN CERTIFICATE-----
+MIIJPDCCBSSgAwIBAgIURpRPfm0/A8HaS8D6O5YlHH+i/dMwDQYJKoZIhvcNAQEM
+BQAwPjELMAkGA1UEBhMCRVUxDjAMBgNVBAoTBVZoYWNrMR8wHQYDVQQDExZ0YXNr
+c2VydmVyLnZoYWNrLmV1IENBMB4XDTIzMTAwNDE3NDIxN1oXDTI0MTAwMzE3NDIx
+N1owPjELMAkGA1UEBhMCRVUxDjAMBgNVBAoTBVZoYWNrMR8wHQYDVQQDExZ0YXNr
+c2VydmVyLnZoYWNrLmV1IENBMIIEIjANBgkqhkiG9w0BAQEFAAOCBA8AMIIECgKC
+BAEAvqK+cCSMRS4QXagPcIHHkdc2mr7DLqqvDSisybD6CFJYH+7YgDP/reqLRCpL
+3J1VmBYlthK6EzsGf7v/rdkgoMEL9pLTgguNS8FWIHybn9X/diYX/hp6CGV4hfn1
+eJFjV78o9dWAFwWrZzGDOW/lbXnqaB+EFbbV/R+lNxwwSXWpxyRjygYVJhiKX5Pt
+u1eN10MPOuX6afdaduag383rHXe6wcOOF+Af+F2mZmvdySBAkjHaL+VvS3ounj8q
+PSC/HoYzDWa4fHnhcgfLJq2ngmLnSQFtDDTq3xd/MBVk17qExD6efIrcGoLSG/L9
+CQJaV/DdfdZwCNNnGz2nm+Whx3MIvlI2cWBM2jxFsfPEiNqPWyaBOBN6JVnE4Xfd
+odfzAvgRPDipansnFvwbYbfmq/sUQbN21tYYpi28EPQMGNkJ5XYf21wLCSo2QCLe
+n8KttXKp2dBi9ykFKRpVUVxalIunco1lBxccXILz0aRILdcoTMCyOAiAZ11QJ+Ij
+vV+gLyBzq2+IMBflsWx0BWZ+yXQJbmMkxJ+wkc26oNG6ZcklckZYkbKKLqmVo2wc
+UW+NODIuwcaKQrqXqzxM/pFuW0eeBKymMg77u7NN3mkUI5sx9F3djQ6RuFFI5KYM
+AGlQB1dlFyj9qtMrqNLi7GSnTCSbeoJq6Tl1NEKELbjIYvAUIYA5O0rAZHMWqNog
+30IaAL8GZaTf4l78ueJeIdGve1Zl+FXka+Clj0d/B4pVqkIu7/pk4Vldc/Bzm5mm
+JIReQZz6NRn8m0szAmeK9ucxx6jzshXnRQrVBUntYYWZzCWQgHjNPF3vXdFrfZgl
+ar/0whmRap7uM7TiMSHRgJjPd7iG27RKXd3dRr51KYaeHSjhnK/26oelBIQDVA6V
+nK69GpD2AFkWpgkUfqD89rLBOxWxdKZgC6ucTtmprwg5pRkfRCgV32fzJkBAoMkN
+erg8uQGjT/EnTSxEK72XK2MRDpUpKZvB2GoG69dOYs1L9mtIbxgdexeBlw2UNF1l
+JDlPQUEmlY/QptWCro7H0HcdP/iXCadTZcxIf+ln0cfMwlVYgTn+4NWWvRNskWx2
+c8RqynsrjM/7PIuWltVizlcAp7WIQtbBHcTs9lNBRSQrtxEaSuLoZ2cLiw9qBN7j
+2goLCEKvRI/KqsVj9/NirMpVg4g3t/ZQSEh56w6seKPynzEF1KKdA+2tCzwuSmDs
+UT0hHpzepoTXJoix/eRWl4yVsUD1zz1HdL+WJL0vWNZax92Q1afq5icjtEty4/Ng
+Ek35dWGQI21usyVHKH+jsFFioj+3pm5jPUb7tCZ/sptYlXOL6MtSWmpOzMqjiDQK
+pZizY/mseUHQOyz9MBdZ3Vv8GQIDAQABozIwMDAPBgNVHRMBAf8EBTADAQH/MB0G
+A1UdDgQWBBQiVaWbtkt9aYDBbPhXAGtpi6HxAzANBgkqhkiG9w0BAQwFAAOCBAEA
+SSHCnVVo6GCftsLy8o6QCNsqZwewmVOYlhcSRJIAnAH4W85QWWwVKjcVd88qMzB5
+xREvw90EKa56ZoWbnX97eIl0PyUaNdaZs7gsBmhSAzLXNeArLJqknn2/MvQ/8hm9
+95mvS1d01/C7PHgLZ5rcqJHq0M3M2e3ldQIMAzHOY6mvmci8NCfqEcdqZHaWNmx7
+gOFQpz14W1uqvzM2B4oDt6Z+TSOHfIIhH1WCKISthz+0lzjYnut4cY4Ay9cp8Hp0
+Iwuj3PHKHvqxnPMtmUObxReZ/fFGkpJkkvxI8D+Wvua3/6vRGgt27zmJSL26Bxdg
+pq4GGZ7iGgBpigaRYNj6RkQRsp7vlAa3ZmKoXjKVGyjgKNw5X3WA3MGkc/HL7sB+
+89Rgorn90o3ou4A63gCHXWXjdpT9kY0Jk1januQ/OziPJcGvtHSW7Vtt/dQ3QNe7
+Ahkmm0D6wHdYZdTmBvZFE2aiyJ2B+VI2qD8ZgDlFOmb2Q+axlPD0olfAY+aYeCoF
+2mlGw+PSAThTZbESjdYAq6oAkDSp1m+UlKoTvK4i4f6I7r2XQnl/VlMzLvBR6u2J
+fwmUMjFxv/9a/GRdYqEB7fMRlRLinT/to319DdmYa9KyA2vH+/9kYod8dvz07By6
+Iht8BLkPRup1QiQZdfdJorKl/MNGtNm+dM/bwb/Ceso6iOrf8QVfrztk3dj1qeC0
+GKo/ORsLMqnmQHobWjk19PzEpr6NvxfKWYxgFTrm8c9Mx0FXEwwo7eJpMWYdTIG5
+Oprb3L++zuLXnqr0ufGeL3rMfagSMhawukTvn8Ni5vt7UDp8FgXK4YbXJpbPPuGP
+AvatrnOsH6z0C86zVkZmq2w7/xoXugf8UMhZAaG7mtoffCa/aoakiC4sM6j2OOOJ
+w9vgwKG7aH7RdQ3mKpoi1g+JYyRr/754YNienVlp2Lt7qJ7vao+BAsWSR4Oh9Ni9
+RYznlWeIF1i6pEAgXYmWV4tF+fXqgE0fbPCXF/ygsGw/1WYF3Kv//1PptLK/a+XX
+TIQOQw2fsiZ9+tSyOCCjdWeUqvqq8wrLawu+q3js+6ha0Dz9hl/Je6qBYNIH1vo2
+x0RSy2Wq5OZe1PNAyuJZqI+sS4DiBb0V8n+AQ2G19vOg/hoUXWHkNRVdAWl1IrOD
+puUgwNSw+B0c1PY3NEHNNKb4ViksLr2FvSTIiHGAcZjVTOPSfxF9m/Aj/Do83LI3
+oYWEngzP0H+OnjX3nAUzaRqnQyFs5/2MrEFfOZXXtcvdQ+59eR7mxKxIuCGzs8q/
+8HEWmFuAwcHwEmWb6FQlKoMVU+qeNwk9ArPSQDVZnW1vyZsNYc72xwdFSBxR1E4s
+q3QPnPpVzFvh+K/1A81CSQ==
+-----END CERTIFICATE-----