Recent changes to this wiki:

update date for the next meeting
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 610e85d..5dfd1c1 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -16,11 +16,11 @@ Please join the communication channels:
 
 # IRC meetings
 
-## 2018-09-16 (Upcoming)
+## 2018-09-30 (Upcoming)
 
 Everyone interested in supporting the libravatar project (code or service) is welcome!
 
-* 2018-09-16, 19:00 UTC (see [local times](https://www.timeanddate.com/worldclock/fixedtime.html?msg=Libravatar+Future&iso=20180916T19&p1=%3A))
+* 2018-09-30, 19:00 UTC (see [local times](https://www.timeanddate.com/worldclock/fixedtime.html?msg=Libravatar+Future&iso=20180930T19&p1=%3A))
 * channel `#libravatar` at irc.freenode.net
 * Preparation / Agenda: <https://pad.riseup.net/p/libravatar-future-irc> (please add your topics / proposals / ideas)
 

Loosen permissions on letsencrypt directory to let mirrors pull the certs down
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 765e36a..4ad84f2 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -303,6 +303,7 @@ If you are migrating to a new server, you may be interested in the [server migra
       ln -s ../letsencrypt/live/www.libravatar.org/privkey.pem www.pem
       ln -s ../letsencrypt/live/www.libravatar.org/cert.pem www.crt
       ln -s ../letsencrypt/live/www.libravatar.org/chain.pem www-chain.pem
+      chmod a+rx /etc/letsencrypt/archive /etc/letsencrypt/live
 
 * Install a cronjob to [automatically renew these certs](https://feeding.cloud.geek.nz/posts/automatically-renewing-letsencrypt-certs-on-debian-using-certbot/) in `/etc/cron.daily/certbot-renew-libravatar`:
 

IRC meeting 2018-09-02
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 77b1d2f..610e85d 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -16,14 +16,56 @@ Please join the communication channels:
 
 # IRC meetings
 
-## 2018-09-02 (Upcoming)
+## 2018-09-16 (Upcoming)
 
 Everyone interested in supporting the libravatar project (code or service) is welcome!
 
-* 2018-09-02, 19:00 UTC (see [local times](https://www.timeanddate.com/worldclock/fixedtime.html?msg=Libravatar+Future&iso=20180902T19&p1=%3A))
+* 2018-09-16, 19:00 UTC (see [local times](https://www.timeanddate.com/worldclock/fixedtime.html?msg=Libravatar+Future&iso=20180916T19&p1=%3A))
 * channel `#libravatar` at irc.freenode.net
 * Preparation / Agenda: <https://pad.riseup.net/p/libravatar-future-irc> (please add your topics / proposals / ideas)
 
+## 2018-09-02
+
+* participants: falko, fmarrier, nipos, sumpfralle, tleguern
+
+### Infrastructure
+* we will use the OpenStack infrastructure from Fedora (instead of OpenShift)
+
+### Current state of development =
+* Design:
+    * Two links in the header nav link to nowhere
+* image size issue (size=0 and size=) is fixed
+* structure is similar to the previous code
+* original pictures are stored in the database
+* resized variations are rendered on demand
+    * caching/something may follow (at the appropriate place)
+* the lack of a filesystem-based storage will be challenging for potential mirrors
+    * we will discuss this (and potential changes), after the new code is deployed
+
+### Data migration
+As soon as we think that the new implementation is ready, we can migrate the data.
+
+* prepare export and import scripts
+* migrate everything, except for the passwords
+    * remind people of the existence of libravatar :)
+    * improve password hash quality
+    * allow cleanup stale/unused accounts after a while
+
+### Migration process
+* send a mail in advance: inform about the change to a new platform and the new group of "us"
+* migrate the data; shutdown the original host (thanks, ij!)
+* send a mail requesting users to set a new password
+
+### Mail-Domain
+* sumpfralle offered to forward mails for the few @libravatar.org accounts to the respective people
+    * dev, tls, support, postmaster, ...
+* outgoing mail is handled by the server itself
+
+### Backup
+* currently fmarrier provides the backup space (< 10GB)
+* sumpfralle offered space with ssh access
+
+
 ## 2018-08-19
 
 * Participants: clime, nipos, sumpfralle

git hosting notes
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index bebe390..77b1d2f 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -35,7 +35,7 @@ What happened during the last two weeks?
 * fmarier moved the libravatar service the new VM provided by ij (2018-08-13)
 * nipos got the new libravatar code running (preparing his design work)
 
-### Hosting
+### Hosting the service on Fedora infrastructure
 
 * clime communicated with Fedora people
 * we will be able to host the libravatar on their infrastructure
@@ -50,6 +50,15 @@ What happened during the last two weeks?
 * clime will work on this
 * **Please note**: we were only three people discussing this, thus the plan currently does not rest on broad explicit acceptance. Please raise your voice, if you see problems with this strategy.
 
+### Hosting of git repositories
+
+We will probably use git repositories for hosting the code, the ansible playbook and maybe more.
+
+* clime suggested pagure.io
+* if we use the Fedora hosting, the ansible playbook would probably be part of https://infrastructure.fedoraproject.org/cgit/ansible.git
+    * sync with pagure.io should be no problem (for issue reporting and so on)
+* other hosting services (running on free software) would be acceptable, too
+
 
 ## 2018-08-05
 

log of today's meeting
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index e2b314e..bebe390 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -16,14 +16,40 @@ Please join the communication channels:
 
 # IRC meetings
 
-## 2018-08-19 (Upcoming)
+## 2018-09-02 (Upcoming)
 
 Everyone interested in supporting the libravatar project (code or service) is welcome!
 
-* 2018-08-19, 19:00 UTC (see [local times](https://www.timeanddate.com/worldclock/fixedtime.html?msg=Libravatar+Future&iso=20180819T19&p1=%3A))
+* 2018-09-02, 19:00 UTC (see [local times](https://www.timeanddate.com/worldclock/fixedtime.html?msg=Libravatar+Future&iso=20180902T19&p1=%3A))
 * channel `#libravatar` at irc.freenode.net
 * Preparation / Agenda: <https://pad.riseup.net/p/libravatar-future-irc> (please add your topics / proposals / ideas)
 
+## 2018-08-19
+
+* Participants: clime, nipos, sumpfralle
+
+### Review
+
+What happened during the last two weeks?
+
+* fmarier moved the libravatar service the new VM provided by ij (2018-08-13)
+* nipos got the new libravatar code running (preparing his design work)
+
+### Hosting
+
+* clime communicated with Fedora people
+* we will be able to host the libravatar on their infrastructure
+* the host will be managed by the Fedora infrastructure team
+* probably clime and oliver will have administrative access and will care for the hosting details of libravatar for the forseeable future
+    * administrative access by non-Fedora people is probably not trivial/possible (it is unclear, if there is demand for that)
+* The steps for the migration of the current hosting (with the old implementation) to Fedora infrastructure are the following:
+    * prepare an ansible playbook for setting up the system for the service
+    * run a one-time data migration from ij's VM
+    * do a bit of tests with the new deployment
+    * trigger a final data migration from ij's VM and switch the DNS entries to the new IP of the Fedora host
+* clime will work on this
+* **Please note**: we were only three people discussing this, thus the plan currently does not rest on broad explicit acceptance. Please raise your voice, if you see problems with this strategy.
+
 
 ## 2018-08-05
 

Use the same TLS cert for apt and www
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 6dbd3a3..765e36a 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -283,8 +283,7 @@ If you are migrating to a new server, you may be interested in the [server migra
 
 * Install `certbot` and then create a few certs:
 
-      certbot certonly --webroot -w /var/www/acme -d apt.libravatar.org
-      certbot certonly --webroot -w /var/www/acme -d www.libravatar.org -d libravatar.org -d selfoss.libravatar.org
+      certbot certonly --webroot -w /var/www/acme -d www.libravatar.org -d libravatar.org -d selfoss.libravatar.org -d apt.libravatar.org
       certbot certonly --webroot -w /var/www/acme -d stats.libravatar.org
       certbot certonly --webroot -w /var/www/acme -d seccdn.libravatar.org
       systemctl restart apache2
@@ -292,15 +291,15 @@ If you are migrating to a new server, you may be interested in the [server migra
 * Symlink the letsencrypt certs in the right place:
 
       cd /etc/libravatar/
-      ln -s ../letsencrypt/live/apt.libravatar.org/privkey.pem apt.pem
-      ln -s ../letsencrypt/live/apt.libravatar.org/cert.pem apt.crt
-      ln -s ../letsencrypt/live/apt.libravatar.org/chain.pem apt-chain.pem
       ln -s ../letsencrypt/live/seccdn.libravatar.org/privkey.pem seccdn.pem
       ln -s ../letsencrypt/live/seccdn.libravatar.org/cert.pem seccdn.crt
       ln -s ../letsencrypt/live/seccdn.libravatar.org/chain.pem seccdn-chain.pem
       ln -s ../letsencrypt/live/stats.libravatar.org/privkey.pem stats.pem
       ln -s ../letsencrypt/live/stats.libravatar.org/cert.pem stats.crt
       ln -s ../letsencrypt/live/stats.libravatar.org/chain.pem stats-chain.pem
+      ln -s ../letsencrypt/live/www.libravatar.org/privkey.pem apt.pem
+      ln -s ../letsencrypt/live/www.libravatar.org/cert.pem apt.crt
+      ln -s ../letsencrypt/live/www.libravatar.org/chain.pem apt-chain.pem
       ln -s ../letsencrypt/live/www.libravatar.org/privkey.pem www.pem
       ln -s ../letsencrypt/live/www.libravatar.org/cert.pem www.crt
       ln -s ../letsencrypt/live/www.libravatar.org/chain.pem www-chain.pem

Add apt repo config
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 9e7d373..6dbd3a3 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -225,18 +225,65 @@ If you are migrating to a new server, you may be interested in the [server migra
             </Directory>
         </VirtualHost>
 
+  * `/etc/apache2/sites-available/apt.conf`:
+
+        <VirtualHost *:443>
+                ServerName apt.libravatar.org
+                ServerAdmin webmaster@libravatar.org
+        
+                SSLEngine On
+                SSLCertificateFile /etc/libravatar/apt.crt
+                SSLCertificateKeyFile /etc/libravatar/apt.pem
+                SSLCertificateChainFile /etc/libravatar/apt-chain.pem
+        
+                DocumentRoot /var/www/apt
+                <Directory /var/www/apt>
+                        ForceType text/html
+                        Options -MultiViews -Indexes
+                        AllowOverride None
+                        Order allow,deny
+                        allow from all
+                </Directory>
+        
+                ErrorLog ${APACHE_LOG_DIR}/error.log
+        
+                # Possible values include: debug, info, notice, warn, error, crit,
+                # alert, emerg.
+                LogLevel warn
+        
+                CustomLog ${APACHE_LOG_DIR}/access.log combined
+        </VirtualHost>
+        
+        <VirtualHost *:80>
+            ServerName apt.libravatar.org
+            ServerAdmin webmaster@libravatar.org
+            DocumentRoot /var/www/acme
+            <Directory /var/www/acme>
+                Options -Indexes
+            </Directory>
+        </VirtualHost>
 
 * Copy the stats password file (`/etc/apache2/stats.passwd`).
 
-* Enable the new vhost:
+* Create the empty apt repo:
+
+      mkdir /var/www/apt
+      chown francois:francois /var/www/apt
+      cd /var/www/apt
+      ln -s /usr/share/libravatar/libravatar/favicon.ico .
+      touch index.html sitemap.xml robots.txt
+
+* Enable the new vhosts:
 
       mkdir /var/www/acme
       a2ensite acme
+      a2ensite apt
       a2ensite default-ssl
       a2ensite stats
 
 * Install `certbot` and then create a few certs:
 
+      certbot certonly --webroot -w /var/www/acme -d apt.libravatar.org
       certbot certonly --webroot -w /var/www/acme -d www.libravatar.org -d libravatar.org -d selfoss.libravatar.org
       certbot certonly --webroot -w /var/www/acme -d stats.libravatar.org
       certbot certonly --webroot -w /var/www/acme -d seccdn.libravatar.org
@@ -245,6 +292,9 @@ If you are migrating to a new server, you may be interested in the [server migra
 * Symlink the letsencrypt certs in the right place:
 
       cd /etc/libravatar/
+      ln -s ../letsencrypt/live/apt.libravatar.org/privkey.pem apt.pem
+      ln -s ../letsencrypt/live/apt.libravatar.org/cert.pem apt.crt
+      ln -s ../letsencrypt/live/apt.libravatar.org/chain.pem apt-chain.pem
       ln -s ../letsencrypt/live/seccdn.libravatar.org/privkey.pem seccdn.pem
       ln -s ../letsencrypt/live/seccdn.libravatar.org/cert.pem seccdn.crt
       ln -s ../letsencrypt/live/seccdn.libravatar.org/chain.pem seccdn-chain.pem

Fix ACME pass-through
https://feeding.cloud.geek.nz/posts/redirecting-entire-site-except-certbot-webroot/
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index aa4ddf4..9e7d373 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -154,8 +154,16 @@ If you are migrating to a new server, you may be interested in the [server migra
   * `/etc/apache2/sites-enabled/000-default.conf`:
  
         <VirtualHost *:80>
-            RewriteEngine On
-            RewriteRule ^ https://www.libravatar.org [redirect=301,last]
+            ServerAdmin webmaster@libravatar.org
+            DocumentRoot /var/www/acme
+        
+            <Directory /var/www/acme>
+                Options -Indexes
+            </Directory>
+        
+            RewriteEngine on
+            RewriteCond "/var/www/acme%{REQUEST_URI}" !-f
+            RewriteRule ^(.*)$ https://www.libravatar.org/ [last,redirect=301]
         </VirtualHost>
 
   * `/etc/apache2/sites-available/default-ssl.conf`:

Fix the path of letsencrypt certs in symlinks
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 4f8015c..aa4ddf4 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -237,15 +237,15 @@ If you are migrating to a new server, you may be interested in the [server migra
 * Symlink the letsencrypt certs in the right place:
 
       cd /etc/libravatar/
-      ln -s ../letsencrypt/seccdn.libravatar.org/privkey.pem seccdn.pem
-      ln -s ../letsencrypt/seccdn.libravatar.org/cert.pem seccdn.crt
-      ln -s ../letsencrypt/seccdn.libravatar.org/chain.pem seccdn-chain.pem
-      ln -s ../letsencrypt/stats.libravatar.org/privkey.pem stats.pem
-      ln -s ../letsencrypt/stats.libravatar.org/cert.pem stats.crt
-      ln -s ../letsencrypt/stats.libravatar.org/chain.pem stats-chain.pem
-      ln -s ../letsencrypt/www.libravatar.org/privkey.pem www.pem
-      ln -s ../letsencrypt/www.libravatar.org/cert.pem www.crt
-      ln -s ../letsencrypt/www.libravatar.org/chain.pem www-chain.pem
+      ln -s ../letsencrypt/live/seccdn.libravatar.org/privkey.pem seccdn.pem
+      ln -s ../letsencrypt/live/seccdn.libravatar.org/cert.pem seccdn.crt
+      ln -s ../letsencrypt/live/seccdn.libravatar.org/chain.pem seccdn-chain.pem
+      ln -s ../letsencrypt/live/stats.libravatar.org/privkey.pem stats.pem
+      ln -s ../letsencrypt/live/stats.libravatar.org/cert.pem stats.crt
+      ln -s ../letsencrypt/live/stats.libravatar.org/chain.pem stats-chain.pem
+      ln -s ../letsencrypt/live/www.libravatar.org/privkey.pem www.pem
+      ln -s ../letsencrypt/live/www.libravatar.org/cert.pem www.crt
+      ln -s ../letsencrypt/live/www.libravatar.org/chain.pem www-chain.pem
 
 * Install a cronjob to [automatically renew these certs](https://feeding.cloud.geek.nz/posts/automatically-renewing-letsencrypt-certs-on-debian-using-certbot/) in `/etc/cron.daily/certbot-renew-libravatar`:
 

Fix ACME config
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index e463b88..4f8015c 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -209,7 +209,7 @@ If you are migrating to a new server, you may be interested in the [server migra
   * `/etc/apache2/sites-available/acme.conf`:
  
         <VirtualHost *:80>
-            ServerName stats.libravatar.org
+            ServerName acme.libravatar.org
             ServerAdmin webmaster@libravatar.org
             DocumentRoot /var/www/acme
             <Directory /var/www/acme>

Mention the libravatar-deployment group (for sudo access)
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 565d87a..e463b88 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -360,6 +360,10 @@ If you are migrating to a new server, you may be interested in the [server migra
 
       apt install --no-install-recommends gearman-job-server
 
+* Add your username to the `libravatar-deployment` group:
+
+      adduser francois libravatar-deployment
+
 # Git mirrors
 
 * Install `hg`:

Note that my GPG key has to be installed and trusted
Otherwise the cronjob will contain this noise:
gpg: F90424B0: There is no assurance this key belongs to the named user
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 86b2580..565d87a 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -327,6 +327,14 @@ If you are migrating to a new server, you may be interested in the [server migra
       6 14 * * *      root    /home/francois/.backup/backup-selfoss
       6 23 * * 3      root    /home/francois/.backup/backup-selfoss --full
 
+* Install the appropriate gpg key as **root**:
+
+      gpg --keyserver pgp.mit.edu --recv-key 16281F2E007C98D1
+
+* Mark the key as **ultimately trusted** by using the `trust` command after typing:
+
+      gpg --edit-key 16281F2E007C98D1
+
 * Run an initial backup:
 
       sudo /home/francois/.backup/backup-selfoss

The Django secret must be filled in
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index fec1d30..86b2580 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -344,7 +344,9 @@ If you are migrating to a new server, you may be interested in the [server migra
         apt update
         apt install libravatar{,-common,-cdn,-cdn-common,-deployment,-www,-master}
 
-  * Use `6432` for the database port number, otherwise accept all of the defaults
+  * Use the defaults for all of the debconf questions except:
+    * `6432` for the database port number
+    * a string from `pwgen -s 50` for the Django secret
 
 * Install `gearman-job-server`:
 

Simplify repo config and mention the permissions of the ssh key
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index bac0d69..fec1d30 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -396,10 +396,10 @@ If you are migrating to a new server, you may be interested in the [server migra
         IdentityFile ~/.ssh/repository_mirrors
         AddressFamily inet
 
-* Copy `repository_mirrors` ssh key from old server into `/home/francois/.ssh/`
-* Create directory for mercurial mirror: `mkdir -p /home/francois/git-mirrors/libravatar-hg`
-* Prepare directory for git repository:
+* Copy `repository_mirrors` ssh key from old server into `/home/francois/.ssh/` (make sure that the private key has **`600` permissions**)
+* Prepare directory for git and mercurial repositories:
 
+      mkdir -p /home/francois/git-mirrors/libravatar-hg
       cd /home/francois/git-mirrors/
       git clone https://git.launchpad.net/~libravatar/libravatar git
       cd git

Code hosting has moved to Launchpad
diff --git a/freedom-respecting_infrastructure.mdwn b/freedom-respecting_infrastructure.mdwn
index b6147c4..e47ac7f 100644
--- a/freedom-respecting_infrastructure.mdwn
+++ b/freedom-respecting_infrastructure.mdwn
@@ -1,6 +1,5 @@
 The Libravatar project is proud to support other [free-as-in-freedom](http://autonomo.us/2008/07/franklin-street-statement/) services:
 
 * [Branchable](http://www.branchable.com) ([blog](http://blog.libravatar.org) and [wiki](http://wiki.libravatar.org))
-* [Gitlab CE](https://gitlab.com/gitlab-org/gitlab-ce) ([code hosting](https://git.nzoss.org.nz/libravatar))
 * [Identica](http://identi.ca) ([micro-blogging](http://identi.ca/libravatar))
-* [Launchpad](https://launchpad.net) ([bug tracker](https://bugs.launchpad.net/libravatar), [translations](https://translations.launchpad.net/libravatar), [code mirror](https://code.launchpad.net/libravatar) and [mailing list](https://launchpad.net/~libravatar-fans))
+* [Launchpad](https://launchpad.net) ([code hosting](https://code.launchpad.net/~libravatar/libravatar/+git/libravatar), [bug tracker](https://bugs.launchpad.net/libravatar), [translations](https://translations.launchpad.net/libravatar), [code mirror](https://code.launchpad.net/libravatar) and [mailing list](https://launchpad.net/~libravatar-fans))

Add bandwidth numbers from Rackspace invoice
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index f74dad9..e2b314e 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -169,11 +169,11 @@ As of 2018-04-03, the storage requirements are:
 For the month of March 2018, the traffic looked like this:
 
 * Application server:
-  * Bandwidth: 328.31 MB
+  * Bandwidth: 328.31 MB in awstats (45 GB in Rackspace billing)
   * Hits: 43,823
 
 * Static image server:
-  * Bandwidth: 18.99 GB
+  * Bandwidth: 18.99 GB in awstats (68 GB in Rackspace billing)
   * Total hits: 11,191,373
   * Redirects (to Gravatar): 9,605,127
 

Mention doing a test run of the git mirror scripts
This is needed in order to seed /home/francois/.ssh/known_hosts.
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index f632157..bac0d69 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -405,6 +405,11 @@ If you are migrating to a new server, you may be interested in the [server migra
       cd git
       git remote add github git@github.com:libravatar/libravatar.git
 
+* Do a test run for each of them (as `francois`):
+
+      /usr/local/bin/git-mirror && echo success
+      /usr/local/bin/hg-mirror && echo success
+
 * Create the following cron jobs in `/etc/cron.d/libravatar_git-mirrors`:
 
       50 * * * *      francois        /usr/local/bin/git-mirror

Create empty log files to silence logcheck
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 58722f1..f632157 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -27,6 +27,11 @@ If you are migrating to a new server, you may be interested in the [server migra
       /var/log/libravatar/workers.log
       /var/log/postgresql/postgresql-9.4-main.log
 
+* Create empty log files (for logcheck):
+
+      touch /var/log/libravatar/error-{cdn,seccdn,www}.log
+      chown www-data:www-data /var/log/libravatar/error-{cdn,seccdn,www}.log
+
 # Firewall
 
 * In `/etc/network/iptables.up.rules`, put the following:

Add a note to change log retention
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 26211d9..58722f1 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -264,6 +264,10 @@ If you are migrating to a new server, you may be interested in the [server migra
       LogType=W
       LogFormat=1
 
+* Reduce log retention to 10 days by setting the following in `/etc/logrotate.d/apache2`:
+
+      rotate 10
+
 # Backups
 
 * Add this script to `/usr/local/sbin/libravatar_backups`:

Remove duplicated point and make all links clickable
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 7580150..f74dad9 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -74,24 +74,23 @@ Neither Oliver nor clime present, thus we skipped this topic.
 * Where does code hosting go? does it stay with launchpad (peferably pagure to move everything to fedora infra)
 * Domain transfer- where does it go? (preferably fedora, instead of individual to reduce bus factor)
 * DigitalOcean would probably sponsor something (for 1 year only?)
-* Where does code hosting go? (peferably pagure to move everything to fedora infra)
 * smurf offered hosting too
 * No final decisions were made. Maybe collect options and pros/cons in the wiki and via the mailing list?
 
 ### Discuss about new design concept
 
-Nipos proposed a design concept: https://codepen.io/niklasposlovski/full/RByopx/
+Nipos proposed a design concept: <https://codepen.io/niklasposlovski/full/RByopx/>
 
 * design is appreciated by all participants
 * license is fine
 * bootstrap v3: "compatible" older version is preferable over v4
 * we discussed a bit about the icon to be used
-  https://github.com/libravatar/libravatar/blob/7d3e069e18927df7d5e05bccdca7215210dd8063/static/img/libravatar_logo.svg
-* next step: nipos will fork https://git.linux-kernel.at/oliver/ivatar and integrate the new design
+  <https://github.com/libravatar/libravatar/blob/7d3e069e18927df7d5e05bccdca7215210dd8063/static/img/libravatar_logo.svg>
+* next step: nipos will fork <https://git.linux-kernel.at/oliver/ivatar> and integrate the new design
 
 ### Various details
 
-* "Mirrors may not require SNI": https://wiki.libravatar.org/how_to_add_a_mirror_slave_to_the_mirror_master/
+* "Mirrors may not require SNI": <https://wiki.libravatar.org/how_to_add_a_mirror_slave_to_the_mirror_master/>
     * probably we should lift this requirement? (only elinks seems to lack support for SNI)
 * Mirrors running in a Docker container for easier setup?
 * Mirrors are tied to the Debian package implementation (crons), what about other distros? (Alpine, Arch)
@@ -127,7 +126,7 @@ Nipos proposed a design concept: https://codepen.io/niklasposlovski/full/RByopx/
     * ofalk will review potentially missing features of his implementation
     * nipos will try to prepare something for the new web interface
 * Communication & Meetings:
-    * everyone interested should subscribe to the mailing list: https://launchpad.net/~libravatar-fans
+    * everyone interested should subscribe to the mailing list: <https://launchpad.net/~libravatar-fans>
     * next IRC meeting: 2018-08-05, 19:00 UTC, #libravatar at freenode
         * afterwards: biweekly meetings
 * Next issues to be discussed:

Expand duplicity backup script instructions
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 324d2ee..26211d9 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -292,6 +292,23 @@ If you are migrating to a new server, you may be interested in the [server migra
 * Add my duplicity backup script to `/home/francois/.backup/` and update:
   * GPG passhrase
   * Destination directory (which includes the hostname)
+
+* Add the following to `/home/francois/.backup/exclude`:
+
+      /etc/.git
+      /home/francois/.cache
+      /home/francois/git-mirrors
+
+* Add the following to `/home/francois/.backup/include`:
+
+      /etc
+      /home/francois
+      /usr/local/bin
+      /usr/local/sbin
+      /var/backups/libravatar
+      /var/lib/libravatar
+      /var/log/libravatar
+
 * Create this cronjob in `/etc/cron.d/libravatar_backups`:
 
       # Local DB backups

Add missing package for duplicity
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index b346fa7..324d2ee 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -285,7 +285,10 @@ If you are migrating to a new server, you may be interested in the [server migra
       find $DUMP_DIR -ctime +7 -delete
 
 * Create an empty `/var/backups/libravatar` directory
-* Install duplicity (`apt install duplicity`)
+* Install duplicity:
+
+      apt install duplicity python-boto
+
 * Add my duplicity backup script to `/home/francois/.backup/` and update:
   * GPG passhrase
   * Destination directory (which includes the hostname)

Fixes for jessie
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index e447dc2..b346fa7 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -25,7 +25,7 @@ If you are migrating to a new server, you may be interested in the [server migra
       /var/log/libravatar/error-seccdn.log
       /var/log/libravatar/error-www.log
       /var/log/libravatar/workers.log
-      /var/log/postgresql/postgresql-8.4-main.log
+      /var/log/postgresql/postgresql-9.4-main.log
 
 # Firewall
 
@@ -153,7 +153,7 @@ If you are migrating to a new server, you may be interested in the [server migra
             RewriteRule ^ https://www.libravatar.org [redirect=301,last]
         </VirtualHost>
 
-  * `/etc/apache2/sites-enabled/default-ssl.conf`:
+  * `/etc/apache2/sites-available/default-ssl.conf`:
 
         <VirtualHost *:443>
             SSLEngine on

Drop prohibition against SNI and note about HTTP being more common
diff --git a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
index aa4455b..c3f8d90 100644
--- a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
+++ b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
@@ -84,9 +84,9 @@ Add these two DNS records in the <tt>libravatar.org</tt> zone:
 
 # SSL testing
 
-Once the DNS zone has been updated, use the [SSL Labs tool](https://www.ssllabs.com/ssltest/analyze.html?d=seccdn.libravatar.org&hideResults=on) to make sure that the SSL config for the new mirror matches the other ones. In particular, it is important that the new mirror does not require the use of [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication) since it's not supported on [old operating systems](https://en.wikipedia.org/wiki/Windows_XP).
+Once the DNS zone has been updated, use the [SSL Labs tool](https://www.ssllabs.com/ssltest/analyze.html?d=seccdn.libravatar.org&hideResults=on) to make sure that the SSL config for the new mirror matches the other ones.
 
-If there are any problems, simply take the new mirror out of the `seccdn` CNAME group. The bandwidth requirements for HTTP are much bigger, so it's fine to have fewer mirrors doing HTTPS.
+If there are any problems, simply take the new mirror out of the `seccdn` CNAME group.
 
 # Basic monitoring
 

log of today's meeting
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 64d6045..7580150 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -16,15 +16,86 @@ Please join the communication channels:
 
 # IRC meetings
 
-## 2018-08-05 (Upcoming)
+## 2018-08-19 (Upcoming)
 
 Everyone interested in supporting the libravatar project (code or service) is welcome!
 
-* 2018-08-05, 19:00 UTC (see [local times](https://www.timeanddate.com/worldclock/fixedtime.html?msg=Libravatar+Future&iso=20180805T19&p1=%3A))
+* 2018-08-19, 19:00 UTC (see [local times](https://www.timeanddate.com/worldclock/fixedtime.html?msg=Libravatar+Future&iso=20180819T19&p1=%3A))
 * channel `#libravatar` at irc.freenode.net
 * Preparation / Agenda: <https://pad.riseup.net/p/libravatar-future-irc> (please add your topics / proposals / ideas)
 
-We want to discuss and coordinate details about the migration to a new implementation, GDPR issues and a lot more.
+
+## 2018-08-05
+
+* Participants: fmarier, ij, kumy, nipos, opal, sumpfralle, tklk, tleguern
+
+### Review
+
+What happened during the last week?
+
+* new mirror set up by Asako
+* new VM is up with double RAM (compared to the current one)
+    * fmarier has ssh access to the vm (root) - he will install the service and migrate data in the next days
+
+
+### GDPR
+What do we need to do with regards to handling of personal data. Can we migrate the old data?
+
+#### Which data is currently stored?
+
+* email adresses: for password resets - although emails can be hashed and still be used for this purpose (even though emails can be removed, this might not be great UX as users don't know which accounts they are assigning an avatar to)
+* username: for logging in
+* uploaded photos: obvious primary use of the service
+* linked OpenIDs
+* login cookie
+* we used to store ip addresses but it's all gone
+* IP adresses in server logs
+* On mirrors, `mod_removeip` is enabled -> no IPs are logged
+* On master access logs are stored for 10 days (currently with ips)
+* We do not store any IP address starting at 05/08/18 19:26 UTC - in 10 days, no IP remains in the logs
+
+#### Should / could we do something at the moment?
+
+* suggestion of mass email (no consent given by users to have mass emails, so I'm against this) to me this seems like a special case and falls under the category of "important email" in order to follow legislation
+* add checkbox for new accounts that they've accepted TOS/Privacy policy
+* add terms of use/privacy policy
+* We have support for data deletion and export since first release (as wanted by the GDPR).
+* We miss a "privacy policy" text.
+    * opal offered to write a text for libravatar.
+
+Summary: we think, we are currently complying with law requirements. We will take a closer look at the new implementation with regards to opt-in and privacy policy.
+
+### Evaluate the state of the new implementation
+
+Neither Oliver nor clime present, thus we skipped this topic.
+
+### Discuss the hosting options for the new implementation
+
+* Where does code hosting go? does it stay with launchpad (peferably pagure to move everything to fedora infra)
+* Domain transfer- where does it go? (preferably fedora, instead of individual to reduce bus factor)
+* DigitalOcean would probably sponsor something (for 1 year only?)
+* Where does code hosting go? (peferably pagure to move everything to fedora infra)
+* smurf offered hosting too
+* No final decisions were made. Maybe collect options and pros/cons in the wiki and via the mailing list?
+
+### Discuss about new design concept
+
+Nipos proposed a design concept: https://codepen.io/niklasposlovski/full/RByopx/
+
+* design is appreciated by all participants
+* license is fine
+* bootstrap v3: "compatible" older version is preferable over v4
+* we discussed a bit about the icon to be used
+  https://github.com/libravatar/libravatar/blob/7d3e069e18927df7d5e05bccdca7215210dd8063/static/img/libravatar_logo.svg
+* next step: nipos will fork https://git.linux-kernel.at/oliver/ivatar and integrate the new design
+
+### Various details
+
+* "Mirrors may not require SNI": https://wiki.libravatar.org/how_to_add_a_mirror_slave_to_the_mirror_master/
+    * probably we should lift this requirement? (only elinks seems to lack support for SNI)
+* Mirrors running in a Docker container for easier setup?
+* Mirrors are tied to the Debian package implementation (crons), what about other distros? (Alpine, Arch)
+* Drop HTTP support to HTTPS only - HSTS?
 
 
 ## 2018-07-29

Remove namecoin leftovers
diff --git a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
index 92a6106..aa4455b 100644
--- a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
+++ b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
@@ -75,17 +75,12 @@ and then lookup images using the [test tool](https://www.libravatar.org/tools/ch
 
 # Adding the new mirror to the DNS load-balancer
 
-1. Add these two DNS records in the <tt>libravatar.org</tt> zone:
-
-       cdn      A    10   123.123.123.123
-       seccdn   A    10   123.123.123.123
-       cdn      AAAA 10   dead::beef
-       seccdn   AAAA 10   dead::beef
-
-2. Add the same records to the [JSON zone file](https://bazaar.launchpad.net/~libravatar/libravatar/master/view/head:/config/dns.json) and then use <tt>namecoind</tt> to update the <tt>libravatar.bit</tt> zone:
-
-       namecoind name_update d/libravatar "`xargs echo < config/dns.json`"
+Add these two DNS records in the <tt>libravatar.org</tt> zone:
 
+    cdn      A    10   123.123.123.123
+    seccdn   A    10   123.123.123.123
+    cdn      AAAA 10   dead::beef
+    seccdn   AAAA 10   dead::beef
 
 # SSL testing
 

Link to Libravatar revival blogpost
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index a7612f0..64d6045 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -1,3 +1,5 @@
+**Update (2018-07-31): [Libravatar is not going away](https://blog.libravatar.org/posts/Libravatar.org_is_not_going_away/)**
+
 Here is a place where people who are interested in [taking over Libravatar](https://blog.libravatar.org/posts/Libravatar.org_is_shutting_down_on_2018-09-01/) can coordinate.
 
 [[!toc levels=2]]

add IRC meeting summary and improve structure
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 79dcaf7..a7612f0 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -1,14 +1,66 @@
 Here is a place where people who are interested in [taking over Libravatar](https://blog.libravatar.org/posts/Libravatar.org_is_shutting_down_on_2018-09-01/) can coordinate.
 
-# Upcoming IRC meeting: 2018-07-29
+[[!toc levels=2]]
 
-Everyone interested in keeping libravatar alive is welcome!
+# Your contribution is welcome!
 
-* 2018-07-29, 7pm UTC
+A group of people is working on continuing the libravatar development (code and service).
+
+Please join the communication channels:
+
+* [Mailing list](https://launchpad.net/~libravatar-fans)
+* `#libravatar` at irc.freenode.net
+
+
+# IRC meetings
+
+## 2018-08-05 (Upcoming)
+
+Everyone interested in supporting the libravatar project (code or service) is welcome!
+
+* 2018-08-05, 19:00 UTC (see [local times](https://www.timeanddate.com/worldclock/fixedtime.html?msg=Libravatar+Future&iso=20180805T19&p1=%3A))
 * channel `#libravatar` at irc.freenode.net
 * Preparation / Agenda: <https://pad.riseup.net/p/libravatar-future-irc> (please add your topics / proposals / ideas)
 
-We want to discuss and coordinate about possible ways of keeping libravatar alive and healthy.
+We want to discuss and coordinate details about the migration to a new implementation, GDPR issues and a lot more.
+
+
+## 2018-07-29
+
+* Participants (IRC nicknames): clime, ij, fmarier, kumy, nipos, ofalk, sumpfralle, tleguern
+* Challenges of our endeavour:
+    * organize a new development group / process
+    * organize a new hosting setup / group
+* Software implementation options:
+    * A) improve the current implementation
+    * \B) Oliver's new Django-based implementation
+    * C) Matti's implementation in golang
+    * D) tleguern's C-based implementation (targetted at self-hosting people)
+    * Conclusion: we decided for B
+* Discussion topics:
+    * if/how to keep the data of existing users
+    * handling of GDPR issues when transferring the user's data to a new operator team
+    * different hosting options (long-term)
+    * future communication channels
+* Goals:
+    * Goal #1: Do we want to continue the service longer than September this year?
+        * everyone agrees
+    * Goal #2: Do we want to continue offering the service past September with the current dataset of users? (GDPR issues will have to be solved for that)
+        * majority agrees
+            * clime is concerned about the service downtime (avatars being available for all users at all times) during data migration
+* Migration plan: fmarier will help migrate the current setup (code + data) to a new VM and admits to operate that for up to two months longer (end of November). Meanwhile we are rushing to resolve GDRP issues and migrate the data to the new implementation and get that live as soon as possible. This will relieve fmarier from the service.
+* Actions:
+    * fmarier and ij will migrate the service as-is to a new VM
+    * ofalk will review potentially missing features of his implementation
+    * nipos will try to prepare something for the new web interface
+* Communication & Meetings:
+    * everyone interested should subscribe to the mailing list: https://launchpad.net/~libravatar-fans
+    * next IRC meeting: 2018-08-05, 19:00 UTC, #libravatar at freenode
+        * afterwards: biweekly meetings
+* Next issues to be discussed:
+    * GDPR: can we migrate the old data?
+    * Evaluate the state of the new implementation.
+    * Discuss the hosting options for the new implementation.
 
 
 # Contacts / Offers of Help
@@ -26,9 +78,10 @@ I second this.  I would like to see this service keep going if possible.  How ma
 I also would like to keep the service alive. I can offer free hosting on dedicated ipv4 and ipv6. I'm currently trying to deploy a private instance of the project using docker. libravatar@kumy.net
 
 I can offer free hosting for the service. smurf@debian.org
+
 ---
 
-# Stats
+## Stats
 
 As of 2018-04-03, the storage requirements are:
 
@@ -52,7 +105,7 @@ For the month of March 2018, the traffic looked like this:
   * Total hits: 11,191,373
   * Redirects (to Gravatar): 9,605,127
 
-# Current stack
+## Current stack
 
 - OS: Debian 8.11 (jessie)
 - Framework: Django 1.7.11
@@ -60,14 +113,14 @@ For the month of March 2018, the traffic looked like this:
 - Webserver: Apache 2.4.10
 - Queue: Gearman 1.0.6
 
-# Cost
+## Cost
 
 The cost (currently covered by Rackspace through their OSS program) for the month of March 2018 was $70 USD:
 
 - Cloud Bandwidth: $13.50
 - Cloud Servers: $56.84
 
-# External accounts
+## External accounts
 
 In addition to the domain names (libravatar.org and libravatar.com), the following accounts could be transferred to the new team:
 
@@ -86,7 +139,7 @@ Contact me at ij@2017.bluespice.org or @ingoj on Twitter.
 
 ---
 
-# Digital Ocean
+## Digital Ocean
 
 [DigitalOcean](https://digitalocean.com) would be a good place to move this service.  A couple of [$10 droplets](https://blog.digitalocean.com/new-droplet-plans) could easily handle the load.  The question is who would you want to own the servers?
 

remove hello@techknowlogick.com
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index c2b114e..79dcaf7 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -133,16 +133,4 @@ Source code can be found [here](https://git.linux-kernel.at/oliver/ivatar).
 
 ---
 
-I am a maintainer of Gitea, which uses libravatar, and am a part of the federated code working group (originally called the “git-pub” working group). I also provide hosting for Gitea installs, and various other FOSS projects (such as PeerTube).
-
-I’d like to continue hosting of libravatar as I wouldn’t want it to break for any users of Gitea, or other services that use libravatar.
-
-I have experience with Python (and other languages), and system administration.
-
-Current status: I'm at 80% of a rewrite of libravatar in Go, and have ported several libraries (monsterID, wavatars, and others), so that if a hash isn't found for sha256 then they can be used as a fallback if requested.
-
-Email: hello@techknowlogick.com
-
----
-
 Catalyst Cloud would be happy to host a mirror - Andrew Ruthven, puck@catalystcloud.nz

Unavailable in the coming weeks/months so I removed myself from the coordination page. Will be happy to rejoin later.
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 022e1cb..c2b114e 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -23,8 +23,6 @@ Can we get some statistics about the service now? Both in terms of the infrastru
 
 I second this.  I would like to see this service keep going if possible.  How many servers are currently in production and what is the monthly cost to host them?  I have over 15 years experience as a server admin including time in the hosting industry and would love to contribute.  Email is wattersm@watters.ws 
 
-[Proxience](http://proxience.com) and I, [Frédéric Lehobey](https://wiki.debian.org/Fr%C3%A9d%C3%A9ricLehobey), are willing in helping keeping Libravatar running. Email contact is contact@proxience.com.
-
 I also would like to keep the service alive. I can offer free hosting on dedicated ipv4 and ipv6. I'm currently trying to deploy a private instance of the project using docker. libravatar@kumy.net
 
 I can offer free hosting for the service. smurf@debian.org

Weblate no longer supports Libravatar: https://blog.cihar.com/archives/2018/07/27/weblate-3-1/
diff --git a/libraries.mdwn b/libraries.mdwn
index d445527..7a7d667 100644
--- a/libraries.mdwn
+++ b/libraries.mdwn
@@ -139,7 +139,7 @@ There aren't many plugins available at the moment, but please [[suggest the ones
 * [Symfony](https://github.com/julienfastre/LibravatarBundle)
 * [Toc Messenger](https://github.com/lewisl9029/toc) (part of core)
 * [Trac](https://pypi.python.org/pypi/tracvatar/)
-* [Weblate](http://weblate.org/) (part of core starting in 1.5)
+* <s>[Weblate](http://weblate.org/) (part of core starting in 1.5, removed in 3.1)</s>
 * Wordpress: [Libravatar](http://wordpress.org/extend/plugins/libravatar/) and [Libravatar Replace](http://wordpress.org/plugins/libravatar-replace/)
 * [Zookeepr](http://zookeepr.org/) (part of core, starting with PyCon AU 2012)
 

Coordination IRC meeting: 2018-07-29
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 573e39b..022e1cb 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -1,5 +1,18 @@
 Here is a place where people who are interested in [taking over Libravatar](https://blog.libravatar.org/posts/Libravatar.org_is_shutting_down_on_2018-09-01/) can coordinate.
 
+# Upcoming IRC meeting: 2018-07-29
+
+Everyone interested in keeping libravatar alive is welcome!
+
+* 2018-07-29, 7pm UTC
+* channel `#libravatar` at irc.freenode.net
+* Preparation / Agenda: <https://pad.riseup.net/p/libravatar-future-irc> (please add your topics / proposals / ideas)
+
+We want to discuss and coordinate about possible ways of keeping libravatar alive and healthy.
+
+
+# Contacts / Offers of Help
+
 Please leave some contact details so that others can reach out to you.
 
 ---

Document what the current stack consists of.
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index d1273b3..573e39b 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -41,6 +41,14 @@ For the month of March 2018, the traffic looked like this:
   * Total hits: 11,191,373
   * Redirects (to Gravatar): 9,605,127
 
+# Current stack
+
+- OS: Debian 8.11 (jessie)
+- Framework: Django 1.7.11
+- Database: PostgreSQL 9.4
+- Webserver: Apache 2.4.10
+- Queue: Gearman 1.0.6
+
 # Cost
 
 The cost (currently covered by Rackspace through their OSS program) for the month of March 2018 was $70 USD:

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 78c6310..d1273b3 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -120,6 +120,8 @@ I’d like to continue hosting of libravatar as I wouldn’t want it to break fo
 
 I have experience with Python (and other languages), and system administration.
 
+Current status: I'm at 80% of a rewrite of libravatar in Go, and have ported several libraries (monsterID, wavatars, and others), so that if a hash isn't found for sha256 then they can be used as a fallback if requested.
+
 Email: hello@techknowlogick.com
 
 ---

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 114d552..78c6310 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -114,9 +114,9 @@ Source code can be found [here](https://git.linux-kernel.at/oliver/ivatar).
 
 ---
 
-I am a maintainer of Gitea, which uses libavatar, and am a part of the federated code working group (originally called the “git-pub” working group). I also provide hosting for Gitea installs, and various other FOSS projects (such as PeerTube).
+I am a maintainer of Gitea, which uses libravatar, and am a part of the federated code working group (originally called the “git-pub” working group). I also provide hosting for Gitea installs, and various other FOSS projects (such as PeerTube).
 
-I’d like to continue hosting of libavatar as I wouldn’t want it to break for any users of Gitea, or other services that use libavatar.
+I’d like to continue hosting of libravatar as I wouldn’t want it to break for any users of Gitea, or other services that use libravatar.
 
 I have experience with Python (and other languages), and system administration.
 

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 02a0f28..114d552 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -124,4 +124,4 @@ Email: hello@techknowlogick.com
 
 ---
 
-Catalyst Cloud would be happy to host a mirror.
+Catalyst Cloud would be happy to host a mirror - Andrew Ruthven, puck@catalystcloud.nz

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index b097658..02a0f28 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -121,3 +121,7 @@ I’d like to continue hosting of libavatar as I wouldn’t want it to break for
 I have experience with Python (and other languages), and system administration.
 
 Email: hello@techknowlogick.com
+
+---
+
+Catalyst Cloud would be happy to host a mirror.

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 3798d4d..b097658 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -105,10 +105,19 @@ I am available for any discussions related to the shutdown and the migration tho
 
 I want to keep this great project alive.I'm the developer of the Mastodon client Halcyon which I took over when the original developer quit his work and deleted his repository.I successfully made it popular again and added many new functions so far.I hope that I can archieve this goal a second time with Libravatar.I don't know the server side languages used here (I'm an PHP developer) but I can modernize the client side and with the support of a great community who will hopefully pay for the servers I can also manage the hosting.I want to keep things open and I think it's bad when everyone has to change to the closed source Gravatar.Instead I want to keep an open source avatar hoster which hopefully will some time in the future federated.I'm always here to help - Email: ni.pos@yandex.com Jabber: bw5rws@jabber.lima-city.de Matrix: @nipos:avareborn.de And I'm also in the #libravatar IRC Channel which could be helpful for coordinating the future of this project.
 
-
 ---
 
 @all, but especially to @clime@redhat.com. I've created a local repo on my Gitlab for the moment, rewrote most of the code for Django 2 and deployed a first more or less working copy to OpenShift. Questions, please don't hesitate to contact me at: oliver@linux-kernel.at
 Regarding the question about libravatar and Python 3. I didn't touch the lib yet, but that will also happen, yes. I think the first, important move, was to upgrade the backend to Django 2. Next is to modernize the frontend (I'm thinking about Bootstrap... And no, no Angular, React, Vue, ...).
 I really hope that nobody else is working on this and is as far as I am already. :-)
 Source code can be found [here](https://git.linux-kernel.at/oliver/ivatar).
+
+---
+
+I am a maintainer of Gitea, which uses libavatar, and am a part of the federated code working group (originally called the “git-pub” working group). I also provide hosting for Gitea installs, and various other FOSS projects (such as PeerTube).
+
+I’d like to continue hosting of libavatar as I wouldn’t want it to break for any users of Gitea, or other services that use libavatar.
+
+I have experience with Python (and other languages), and system administration.
+
+Email: hello@techknowlogick.com

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index ef603b3..3798d4d 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -4,6 +4,8 @@ Please leave some contact details so that others can reach out to you.
 
 ---
 
+I can offer hosting, domain, CDN for free. showfom@gmail.com
+
 Can we get some statistics about the service now? Both in terms of the infrastructure (assuming infra support won't continue) and in terms of what is required to keep it going?  Do we know how many avatars are served? stored? etc? (bex@pobox.com)
 
 I second this.  I would like to see this service keep going if possible.  How many servers are currently in production and what is the monthly cost to host them?  I have over 15 years experience as a server admin including time in the hosting industry and would love to contribute.  Email is wattersm@watters.ws 

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index b6a97a9..ef603b3 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -109,4 +109,4 @@ I want to keep this great project alive.I'm the developer of the Mastodon client
 @all, but especially to @clime@redhat.com. I've created a local repo on my Gitlab for the moment, rewrote most of the code for Django 2 and deployed a first more or less working copy to OpenShift. Questions, please don't hesitate to contact me at: oliver@linux-kernel.at
 Regarding the question about libravatar and Python 3. I didn't touch the lib yet, but that will also happen, yes. I think the first, important move, was to upgrade the backend to Django 2. Next is to modernize the frontend (I'm thinking about Bootstrap... And no, no Angular, React, Vue, ...).
 I really hope that nobody else is working on this and is as far as I am already. :-)
-Source code: https://git.linux-kernel.at/oliver/ivatar
+Source code can be found [here](https://git.linux-kernel.at/oliver/ivatar).

Add URL to source.
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index f0ef621..b6a97a9 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -109,3 +109,4 @@ I want to keep this great project alive.I'm the developer of the Mastodon client
 @all, but especially to @clime@redhat.com. I've created a local repo on my Gitlab for the moment, rewrote most of the code for Django 2 and deployed a first more or less working copy to OpenShift. Questions, please don't hesitate to contact me at: oliver@linux-kernel.at
 Regarding the question about libravatar and Python 3. I didn't touch the lib yet, but that will also happen, yes. I think the first, important move, was to upgrade the backend to Django 2. Next is to modernize the frontend (I'm thinking about Bootstrap... And no, no Angular, React, Vue, ...).
 I really hope that nobody else is working on this and is as far as I am already. :-)
+Source code: https://git.linux-kernel.at/oliver/ivatar

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 4086ecb..f0ef621 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -102,3 +102,10 @@ I am available for any discussions related to the shutdown and the migration tho
 ---
 
 I want to keep this great project alive.I'm the developer of the Mastodon client Halcyon which I took over when the original developer quit his work and deleted his repository.I successfully made it popular again and added many new functions so far.I hope that I can archieve this goal a second time with Libravatar.I don't know the server side languages used here (I'm an PHP developer) but I can modernize the client side and with the support of a great community who will hopefully pay for the servers I can also manage the hosting.I want to keep things open and I think it's bad when everyone has to change to the closed source Gravatar.Instead I want to keep an open source avatar hoster which hopefully will some time in the future federated.I'm always here to help - Email: ni.pos@yandex.com Jabber: bw5rws@jabber.lima-city.de Matrix: @nipos:avareborn.de And I'm also in the #libravatar IRC Channel which could be helpful for coordinating the future of this project.
+
+
+---
+
+@all, but especially to @clime@redhat.com. I've created a local repo on my Gitlab for the moment, rewrote most of the code for Django 2 and deployed a first more or less working copy to OpenShift. Questions, please don't hesitate to contact me at: oliver@linux-kernel.at
+Regarding the question about libravatar and Python 3. I didn't touch the lib yet, but that will also happen, yes. I think the first, important move, was to upgrade the backend to Django 2. Next is to modernize the frontend (I'm thinking about Bootstrap... And no, no Angular, React, Vue, ...).
+I really hope that nobody else is working on this and is as far as I am already. :-)

typo
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 7dd1cfb..4086ecb 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -10,7 +10,7 @@ I second this.  I would like to see this service keep going if possible.  How ma
 
 [Proxience](http://proxience.com) and I, [Frédéric Lehobey](https://wiki.debian.org/Fr%C3%A9d%C3%A9ricLehobey), are willing in helping keeping Libravatar running. Email contact is contact@proxience.com.
 
-I also would like to keep the service alive. I can offer free hosting, dedicated ipv4 and ipv6. I'm currently trying to deploy a private instance of the project using docker. libravatar@kumy.net
+I also would like to keep the service alive. I can offer free hosting on dedicated ipv4 and ipv6. I'm currently trying to deploy a private instance of the project using docker. libravatar@kumy.net
 
 I can offer free hosting for the service. smurf@debian.org
 ---

free hosting, dedicated ipv4 and ipv6
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index f8458a9..7dd1cfb 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -10,7 +10,7 @@ I second this.  I would like to see this service keep going if possible.  How ma
 
 [Proxience](http://proxience.com) and I, [Frédéric Lehobey](https://wiki.debian.org/Fr%C3%A9d%C3%A9ricLehobey), are willing in helping keeping Libravatar running. Email contact is contact@proxience.com.
 
-I also would like to keep the service alive. I can offer hosting. I'm currently trying to deploy a private instance of the project using docker. libravatar@kumy.net
+I also would like to keep the service alive. I can offer free hosting, dedicated ipv4 and ipv6. I'm currently trying to deploy a private instance of the project using docker. libravatar@kumy.net
 
 I can offer free hosting for the service. smurf@debian.org
 ---

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 2ea829e..f8458a9 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -98,3 +98,7 @@ It is a CGI program currently implementing the size, default and forcedefault fl
 This is not finished and not a suitable replacement for the current stack as it uses the file system directly but it is good enough for self-hosting. I use it at https://avatars.bouledef.eu/index
 
 I am available for any discussions related to the shutdown and the migration though - tleguern@bouledef.eu
+
+---
+
+I want to keep this great project alive.I'm the developer of the Mastodon client Halcyon which I took over when the original developer quit his work and deleted his repository.I successfully made it popular again and added many new functions so far.I hope that I can archieve this goal a second time with Libravatar.I don't know the server side languages used here (I'm an PHP developer) but I can modernize the client side and with the support of a great community who will hopefully pay for the servers I can also manage the hosting.I want to keep things open and I think it's bad when everyone has to change to the closed source Gravatar.Instead I want to keep an open source avatar hoster which hopefully will some time in the future federated.I'm always here to help - Email: ni.pos@yandex.com Jabber: bw5rws@jabber.lima-city.de Matrix: @nipos:avareborn.de And I'm also in the #libravatar IRC Channel which could be helpful for coordinating the future of this project.

offer free hosting
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 3061c03..2ea829e 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -12,6 +12,7 @@ I second this.  I would like to see this service keep going if possible.  How ma
 
 I also would like to keep the service alive. I can offer hosting. I'm currently trying to deploy a private instance of the project using docker. libravatar@kumy.net
 
+I can offer free hosting for the service. smurf@debian.org
 ---
 
 # Stats

I also offer my help to keep the project alive
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index f7c6584..3061c03 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -10,6 +10,8 @@ I second this.  I would like to see this service keep going if possible.  How ma
 
 [Proxience](http://proxience.com) and I, [Frédéric Lehobey](https://wiki.debian.org/Fr%C3%A9d%C3%A9ricLehobey), are willing in helping keeping Libravatar running. Email contact is contact@proxience.com.
 
+I also would like to keep the service alive. I can offer hosting. I'm currently trying to deploy a private instance of the project using docker. libravatar@kumy.net
+
 ---
 
 # Stats

Mention a C implementation.
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index b7c8215..f7c6584 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -86,3 +86,12 @@ clime@redhat.com
 ---
 
 I am here to help anyway I can, refactoring code, hosting. Please reach out sadin@fedoraproject.org
+
+---
+
+I published today a server-side implementation in C I started three years ago, available here: <https://github.com/Aversiste/libravatar.cgi>.
+It is a CGI program currently implementing the size, default and forcedefault flags with allowed default values of '404', 'mm' and 'blank'.
+
+This is not finished and not a suitable replacement for the current stack as it uses the file system directly but it is good enough for self-hosting. I use it at https://avatars.bouledef.eu/index
+
+I am available for any discussions related to the shutdown and the migration though - tleguern@bouledef.eu

Linkify pagure repo
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 8335619..b7c8215 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -79,7 +79,7 @@ zach@mailcan.com
 
 ---
 
-I have setup a new repo here: https://pagure.io/libravatar2 to modernize/rewrite libravatar to use the latest available tooling. Please concact me if you would like to help.
+I have setup a new repo here: <https://pagure.io/libravatar2> to modernize/rewrite libravatar to use the latest available tooling. Please concact me if you would like to help.
 
 clime@redhat.com
 

Document Launchpad merge requests with git
diff --git a/submitting_a_patch.mdwn b/submitting_a_patch.mdwn
index 46caf11..5d7f9c9 100644
--- a/submitting_a_patch.mdwn
+++ b/submitting_a_patch.mdwn
@@ -1,8 +1,35 @@
-There are three ways to submit your patch:
+The preferred way to submit a patch is via Launchpad merge requests.
+
+# Launchpad merge requests
+
+Once you have a [Launchpad account](https://launchpad.net/+login), here's how to clone the main repository and then push a personal branch to Launchpad:
+
+    git clone https://git.launchpad.net/~libravatar/libravatar
+    cd libravatar
+    git remote add francois git+ssh://git.launchpad.net/~fmarier/libravatar
+    git checkout -b test
+    (commit some changes)
+    git push -u francois test
+
+(In this example, my username is `fmarier`, my branch name is `test` and the git remote for my personal repo is `francois`.)
+
+Once you have done that, your repository will be shown in the list of [libravatar repositories](https://code.launchpad.net/libravatar) and clicking on it will take you to the [list of branches it contains](https://code.launchpad.net/~fmarier/libravatar/+git/libravatar).
+
+To submit a merge request, click on the [branch name](https://code.launchpad.net/~fmarier/libravatar/+git/libravatar/+ref/test) and then click the ["Propose for merging"](https://code.launchpad.net/~fmarier/libravatar/+git/libravatar/+ref/test/+register-merge) button.
+
+Enter the following information:
+
+- Target repository: `~libravatar/libravatar/+git/libravatar`
+- Target branch: `master`
+
+before clicking "Propose merge". This will take you to your newly-created [merge request](https://code.launchpad.net/~fmarier/libravatar/+git/libravatar/+merge/345611).
+
+# Other ways to submit a patch
+
+If the above doesn't work for you, here are other ways to contribute your patch:
 
 1. Attach it to the relevant bug on the [tracker](https://bugs.launchpad.net/libravatar) (create a [new bug](https://bugs.launchpad.net/libravatar/+filebug) if you need to)
-2. Submit a [merge request](https://git.nzoss.org.nz/libravatar/libravatar/merge_requests) on [Gitlab](https://git.nzoss.org.nz/libravatar/libravatar)
-3. Submit a [pull request](https://help.github.com/articles/using-pull-requests) on [Github](https://github.com/libravatar/libravatar)
+2. Submit a [pull request](https://help.github.com/articles/using-pull-requests) on [Github](https://github.com/libravatar/libravatar)
 
 Of course, if you need any help, [[give us a shout|talk to us]]!
 

Mention social media accounts
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 1fc2894..8335619 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -52,6 +52,8 @@ In addition to the domain names (libravatar.org and libravatar.com), the followi
 - [GitHub project](https://github.com/libravatar) (read-only git mirror of the repos)
 - [BitBucket project](https://bitbucket.org/libravatar/) (read-only mercurial mirror of the repo)
 - [Transifex account](https://www.transifex.com/fmarier/libravatar/) (mostly unused alternative service for translations)
+- [Twitter account](https://twitter.com/libravatar)
+- [Identi.ca account](https://identi.ca/libravatar)
 
 --- 
 

Merge all DO details
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index bb1e04c..1fc2894 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -60,9 +60,13 @@ Contact me at ij@2017.bluespice.org or @ingoj on Twitter.
 
 ---
 
-DO would be a good place to move this service.  A couple of $10 droplets could easily handle the load.  The question is who would you want to own the servers?
+# Digital Ocean
 
-https://blog.digitalocean.com/new-droplet-plans
+[DigitalOcean](https://digitalocean.com) would be a good place to move this service.  A couple of [$10 droplets](https://blog.digitalocean.com/new-droplet-plans) could easily handle the load.  The question is who would you want to own the servers?
+
+The email to reach out for potential DO open source sponsorship is opensource@digitalocean.com
+
+They offered $200 to host two droplets for one year.
 
 ---
 
@@ -79,15 +83,4 @@ clime@redhat.com
 
 ---
 
-The email to reach out for potential DigitalOcean open source sponsorship is opensource@digitalocean.com
-
----
-
-Got a response from DO, they offered $200 to host two droplets for one year.
-
-
-digitalocean.com
-
----
-
 I am here to help anyway I can, refactoring code, hosting. Please reach out sadin@fedoraproject.org

typo and capitalization
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 3699ec3..bb1e04c 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -48,9 +48,9 @@ The cost (currently covered by Rackspace through their OSS program) for the mont
 In addition to the domain names (libravatar.org and libravatar.com), the following accounts could be transferred to the new team:
 
 - [Blog](https://blog.libravatar.org) and [wiki](https://wiki.libravatar.org) (hosted for free by [Branchable](https://branchable.com))
-- [Laucnhpad project](https://launchpad.net/libravatar) (bug tracker, git repo, translations)
-- [Github project](https://github.com/libravatar) (read-only git mirror of the repos)
-- [Bitbucket project](https://bitbucket.org/libravatar/) (read-only mercurial mirror of the repo)
+- [Launchhpad project](https://launchpad.net/libravatar) (bug tracker, git repo, translations)
+- [GitHub project](https://github.com/libravatar) (read-only git mirror of the repos)
+- [BitBucket project](https://bitbucket.org/libravatar/) (read-only mercurial mirror of the repo)
 - [Transifex account](https://www.transifex.com/fmarier/libravatar/) (mostly unused alternative service for translations)
 
 --- 

Mention external accounts that could be transferred and clarify the cost of running the service.
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index a6be86e..3699ec3 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -36,11 +36,23 @@ For the month of March 2018, the traffic looked like this:
   * Total hits: 11,191,373
   * Redirects (to Gravatar): 9,605,127
 
-The cost for the month of March 2018 was $70 USD:
+# Cost
+
+The cost (currently covered by Rackspace through their OSS program) for the month of March 2018 was $70 USD:
 
 - Cloud Bandwidth: $13.50
 - Cloud Servers: $56.84
 
+# External accounts
+
+In addition to the domain names (libravatar.org and libravatar.com), the following accounts could be transferred to the new team:
+
+- [Blog](https://blog.libravatar.org) and [wiki](https://wiki.libravatar.org) (hosted for free by [Branchable](https://branchable.com))
+- [Laucnhpad project](https://launchpad.net/libravatar) (bug tracker, git repo, translations)
+- [Github project](https://github.com/libravatar) (read-only git mirror of the repos)
+- [Bitbucket project](https://bitbucket.org/libravatar/) (read-only mercurial mirror of the repo)
+- [Transifex account](https://www.transifex.com/fmarier/libravatar/) (mostly unused alternative service for translations)
+
 --- 
 
 Basically I'm willing to help to keep this service up & running and would like to contribute a VM or some disk space and bandwidth by running a mirror. No Django experience though, but slightly able to read Python, but no programmer at all. 

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 2d48f38..a6be86e 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -73,6 +73,9 @@ The email to reach out for potential DigitalOcean open source sponsorship is ope
 
 Got a response from DO, they offered $200 to host two droplets for one year.
 
-—
+
+digitalocean.com
+
+---
 
 I am here to help anyway I can, refactoring code, hosting. Please reach out sadin@fedoraproject.org

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 478c974..2d48f38 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -72,3 +72,7 @@ The email to reach out for potential DigitalOcean open source sponsorship is ope
 ---
 
 Got a response from DO, they offered $200 to host two droplets for one year.
+
+—
+
+I am here to help anyway I can, refactoring code, hosting. Please reach out sadin@fedoraproject.org

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 659c7f6..478c974 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -71,4 +71,4 @@ The email to reach out for potential DigitalOcean open source sponsorship is ope
 
 ---
 
-I sent a message to Digital Ocean, will let you know if I receive a response.
+Got a response from DO, they offered $200 to host two droplets for one year.

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 99df8ba..659c7f6 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -68,3 +68,7 @@ clime@redhat.com
 ---
 
 The email to reach out for potential DigitalOcean open source sponsorship is opensource@digitalocean.com
+
+---
+
+I sent a message to Digital Ocean, will let you know if I receive a response.

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 5cee705..99df8ba 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -65,3 +65,6 @@ I have setup a new repo here: https://pagure.io/libravatar2 to modernize/rewrite
 
 clime@redhat.com
 
+---
+
+The email to reach out for potential DigitalOcean open source sponsorship is opensource@digitalocean.com

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index b091e94..5cee705 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -59,3 +59,9 @@ DO also ( I believe ) will contribute resources to open source projects that req
 Has anyone formulated a plan at all to update Libravatar to Python 3 and migrate away from unsupported libraries?
 zach@mailcan.com
 
+---
+
+I have setup a new repo here: https://pagure.io/libravatar2 to modernize/rewrite libravatar to use the latest available tooling. Please concact me if you would like to help.
+
+clime@redhat.com
+

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 4e830c1..b091e94 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -52,4 +52,10 @@ DO would be a good place to move this service.  A couple of $10 droplets could e
 
 https://blog.digitalocean.com/new-droplet-plans
 
+---
+
+DO also ( I believe ) will contribute resources to open source projects that request it.
+
+Has anyone formulated a plan at all to update Libravatar to Python 3 and migrate away from unsupported libraries?
+zach@mailcan.com
 

Link to my notes on the server migration plan
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 1bde325..e447dc2 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -1,6 +1,8 @@
 Here are some notes on how to setup the main `libravatar.org` server after
 you've installed Debian and the usual server packages.
 
+If you are migrating to a new server, you may be interested in the [server migration plan](https://feeding.cloud.geek.nz/posts/server-migration-plan/) that has been used for the last few server migrations.
+
 # Basic setup
 
 * Install Debian and [tweak a few things](https://feeding.cloud.geek.nz/posts/usual-server-setup/)

Bump Debian version to the one that's currently in use
diff --git a/running_your_own.mdwn b/running_your_own.mdwn
index 5cb0fd3..b039a08 100644
--- a/running_your_own.mdwn
+++ b/running_your_own.mdwn
@@ -19,7 +19,7 @@ The following instructions are about the official libravatar.org software.
 
 ## System requirements
 
-You can find the latest system requirements in the [installation instructions](https://bazaar.launchpad.net/~libravatar/libravatar/master/view/head:/INSTALL.md) that come with the software, but Libravatar has been confirmed to work on [Debian 7](http://www.debian.org/releases/wheezy/) (wheezy).
+You can find the latest system requirements in the [installation instructions](https://bazaar.launchpad.net/~libravatar/libravatar/master/view/head:/INSTALL.md) that come with the software, but Libravatar has been confirmed to work on [Debian 8](http://www.debian.org/releases/jessie/) (jessie).
 
 ## Getting the code
 

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index ae16b79..4e830c1 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -46,6 +46,8 @@ The cost for the month of March 2018 was $70 USD:
 Basically I'm willing to help to keep this service up & running and would like to contribute a VM or some disk space and bandwidth by running a mirror. No Django experience though, but slightly able to read Python, but no programmer at all. 
 Contact me at ij@2017.bluespice.org or @ingoj on Twitter. 
 
+---
+
 DO would be a good place to move this service.  A couple of $10 droplets could easily handle the load.  The question is who would you want to own the servers?
 
 https://blog.digitalocean.com/new-droplet-plans

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 89f9c8d..ae16b79 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -45,3 +45,9 @@ The cost for the month of March 2018 was $70 USD:
 
 Basically I'm willing to help to keep this service up & running and would like to contribute a VM or some disk space and bandwidth by running a mirror. No Django experience though, but slightly able to read Python, but no programmer at all. 
 Contact me at ij@2017.bluespice.org or @ingoj on Twitter. 
+
+DO would be a good place to move this service.  A couple of $10 droplets could easily handle the load.  The question is who would you want to own the servers?
+
+https://blog.digitalocean.com/new-droplet-plans
+
+

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 1f88412..89f9c8d 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -40,3 +40,8 @@ The cost for the month of March 2018 was $70 USD:
 
 - Cloud Bandwidth: $13.50
 - Cloud Servers: $56.84
+
+--- 
+
+Basically I'm willing to help to keep this service up & running and would like to contribute a VM or some disk space and bandwidth by running a mirror. No Django experience though, but slightly able to read Python, but no programmer at all. 
+Contact me at ij@2017.bluespice.org or @ingoj on Twitter. 

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index a1ab60d..1f88412 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -8,7 +8,7 @@ Can we get some statistics about the service now? Both in terms of the infrastru
 
 I second this.  I would like to see this service keep going if possible.  How many servers are currently in production and what is the monthly cost to host them?  I have over 15 years experience as a server admin including time in the hosting industry and would love to contribute.  Email is wattersm@watters.ws 
 
-[Proxience](http://proxience.com) and I, [Frédéric Lehobey](https://wiki.debian.org/Fr%C3%A9d%C3%A9ricLehobey), are willing in keeping Libravatar running. Email contact is contact@proxience.com.
+[Proxience](http://proxience.com) and I, [Frédéric Lehobey](https://wiki.debian.org/Fr%C3%A9d%C3%A9ricLehobey), are willing in helping keeping Libravatar running. Email contact is contact@proxience.com.
 
 ---
 

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index c552f0e..a1ab60d 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -8,6 +8,8 @@ Can we get some statistics about the service now? Both in terms of the infrastru
 
 I second this.  I would like to see this service keep going if possible.  How many servers are currently in production and what is the monthly cost to host them?  I have over 15 years experience as a server admin including time in the hosting industry and would love to contribute.  Email is wattersm@watters.ws 
 
+[Proxience](http://proxience.com) and I, [Frédéric Lehobey](https://wiki.debian.org/Fr%C3%A9d%C3%A9ricLehobey), are willing in keeping Libravatar running. Email contact is contact@proxience.com.
+
 ---
 
 # Stats

Add requested stats
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index eefc107..c552f0e 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -7,3 +7,34 @@ Please leave some contact details so that others can reach out to you.
 Can we get some statistics about the service now? Both in terms of the infrastructure (assuming infra support won't continue) and in terms of what is required to keep it going?  Do we know how many avatars are served? stored? etc? (bex@pobox.com)
 
 I second this.  I would like to see this service keep going if possible.  How many servers are currently in production and what is the monthly cost to host them?  I have over 15 years experience as a server admin including time in the hosting industry and would love to contribute.  Email is wattersm@watters.ws 
+
+---
+
+# Stats
+
+As of 2018-04-03, the storage requirements are:
+
+* Application server:
+  * 1 GB General Purpose v1 [Rackspace cloud server](https://www.rackspace.com/cloud/servers)
+  * Number of user accounts: 6655
+  * Number of unique avatars: 6919 (355 MB)
+
+* Static image server:
+  * 1 GB General Purpose v1 [Rackspace cloud server](https://www.rackspace.com/cloud/servers)
+  * Size of avatars on disk: 1.8 GB
+
+For the month of March 2018, the traffic looked like this:
+
+* Application server:
+  * Bandwidth: 328.31 MB
+  * Hits: 43,823
+
+* Static image server:
+  * Bandwidth: 18.99 GB
+  * Total hits: 11,191,373
+  * Redirects (to Gravatar): 9,605,127
+
+The cost for the month of March 2018 was $70 USD:
+
+- Cloud Bandwidth: $13.50
+- Cloud Servers: $56.84

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index b658194..eefc107 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -5,3 +5,5 @@ Please leave some contact details so that others can reach out to you.
 ---
 
 Can we get some statistics about the service now? Both in terms of the infrastructure (assuming infra support won't continue) and in terms of what is required to keep it going?  Do we know how many avatars are served? stored? etc? (bex@pobox.com)
+
+I second this.  I would like to see this service keep going if possible.  How many servers are currently in production and what is the monthly cost to host them?  I have over 15 years experience as a server admin including time in the hosting industry and would love to contribute.  Email is wattersm@watters.ws 

diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index 7055f8c..b658194 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -1,3 +1,7 @@
 Here is a place where people who are interested in [taking over Libravatar](https://blog.libravatar.org/posts/Libravatar.org_is_shutting_down_on_2018-09-01/) can coordinate.
 
 Please leave some contact details so that others can reach out to you.
+
+---
+
+Can we get some statistics about the service now? Both in terms of the infrastructure (assuming infra support won't continue) and in terms of what is required to keep it going?  Do we know how many avatars are served? stored? etc? (bex@pobox.com)

Remove links to the donation services
diff --git a/contribute.mdwn b/contribute.mdwn
index 257145a..f7f3d6a 100644
--- a/contribute.mdwn
+++ b/contribute.mdwn
@@ -15,15 +15,6 @@ Given that Libravatar is a community project without a big corporate sponsor, we
 
 If you can spare a bit of disk space and bandwidth, please [get in touch](mailto:mirrors@libravatar.org), we would love your help in building a world-wide mirror network.
 
-# Donate
-
-You can donate money to help us cover the project hosting-related overheads:
-
-* [Gratipay](https://gratipay.com/libravatar/)
-* [Bountysource](https://salt.bountysource.com/checkout/amount?team=libravatar)
-* [Flattr](https://flattr.com/thing/311293/Libravatar)
-* [Liberapay](https://liberapay.com/Libravatar/)
-
 # Advocacy
 
 If you don't fit into of the other categories, you are still more than welcome to join us:

Link to shutdown announcement
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
index b0c06a6..7055f8c 100644
--- a/shutdown-coordination.mdwn
+++ b/shutdown-coordination.mdwn
@@ -1,3 +1,3 @@
-Here is a place where people who are interested in taking over Libravatar can coordinate.
+Here is a place where people who are interested in [taking over Libravatar](https://blog.libravatar.org/posts/Libravatar.org_is_shutting_down_on_2018-09-01/) can coordinate.
 
 Please leave some contact details so that others can reach out to you.

Create stub page for shutdown coordination
diff --git a/shutdown-coordination.mdwn b/shutdown-coordination.mdwn
new file mode 100644
index 0000000..b0c06a6
--- /dev/null
+++ b/shutdown-coordination.mdwn
@@ -0,0 +1,3 @@
+Here is a place where people who are interested in taking over Libravatar can coordinate.
+
+Please leave some contact details so that others can reach out to you.

diff --git a/recentchanges.mdwn b/recentchanges.mdwn
new file mode 100644
index 0000000..3383fc7
--- /dev/null
+++ b/recentchanges.mdwn
@@ -0,0 +1,7 @@
+[[!if test="enabled(meta)" then="""
+[[!meta title="RecentChanges"]]
+"""]]
+Recent changes to this wiki:
+
+[[!inline pages="internal(recentchanges/change_*) and !*/Discussion" 
+template=recentchanges show=0]]

Update the version of the Dotclear plugin to the one that includes federation
diff --git a/libraries.mdwn b/libraries.mdwn
index f8e37e5..d445527 100644
--- a/libraries.mdwn
+++ b/libraries.mdwn
@@ -125,7 +125,7 @@ or, with global context
 There aren't many plugins available at the moment, but please [[suggest the ones|suggested plugins]] you'd like to have.
 
 * [Claws Mail](http://www.claws-mail.org/plugin.php?plugin=libravatar) (since version 3.10)
-* [Dotclear](https://open-time.net/post/2018/01/22/Plugin-Gravatars-07-pour-Dotclear)
+* [Dotclear](https://open-time.net/post/2018/01/23/Plugin-Gravatars-08-pour-Dotclear)
 * [Foswiki](http://foswiki.org/Extensions/AvatarPlugin)
 * [Friendica](https://github.com/friendica/friendica-addons/tree/master/libravatar)
 * [GNOME-shell-extension-timezone](https://github.com/jwendell/gnome-shell-extension-timezone)

Link to Dotclear plugin
diff --git a/libraries.mdwn b/libraries.mdwn
index 7522d89..f8e37e5 100644
--- a/libraries.mdwn
+++ b/libraries.mdwn
@@ -125,6 +125,7 @@ or, with global context
 There aren't many plugins available at the moment, but please [[suggest the ones|suggested plugins]] you'd like to have.
 
 * [Claws Mail](http://www.claws-mail.org/plugin.php?plugin=libravatar) (since version 3.10)
+* [Dotclear](https://open-time.net/post/2018/01/22/Plugin-Gravatars-07-pour-Dotclear)
 * [Foswiki](http://foswiki.org/Extensions/AvatarPlugin)
 * [Friendica](https://github.com/friendica/friendica-addons/tree/master/libravatar)
 * [GNOME-shell-extension-timezone](https://github.com/jwendell/gnome-shell-extension-timezone)

Switch www to the webroot plugin to avoid having to stop Apache
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index b3e1291..1bde325 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -215,17 +215,17 @@ you've installed Debian and the usual server packages.
 
 * Enable the new vhost:
 
-      a2ensite default-ssl
+      mkdir /var/www/acme
       a2ensite acme
+      a2ensite default-ssl
       a2ensite stats
 
-* Install `certbot` and then create two separate certs:
+* Install `certbot` and then create a few certs:
 
-      systemctl stop apache2
-      certbot certonly -d www.libravatar.org -d libravatar.org -d selfoss.libravatar.org
+      certbot certonly --webroot -w /var/www/acme -d www.libravatar.org -d libravatar.org -d selfoss.libravatar.org
       certbot certonly --webroot -w /var/www/acme -d stats.libravatar.org
       certbot certonly --webroot -w /var/www/acme -d seccdn.libravatar.org
-      systemctl start apache2
+      systemctl restart apache2
 
 * Symlink the letsencrypt certs in the right place:
 
@@ -244,7 +244,7 @@ you've installed Debian and the usual server packages.
 
       #!/bin/bash
       
-      /usr/bin/certbot renew --quiet --pre-hook "/bin/systemctl stop apache2.service" --post-hook "/bin/systemctl start apache2.service"
+      /usr/bin/certbot renew --quiet --post-hook "/bin/systemctl restart apache2.service"
       
       pushd /etc/ > /dev/null
       /usr/bin/git add letsencrypt

Add the ACME proxy for seccdn and switch stats to the webroot certbot plugin
https://feeding.cloud.geek.nz/posts/proxy-acme-challenges-to-single-machine/
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 3c12591..b3e1291 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -144,14 +144,14 @@ you've installed Debian and the usual server packages.
       a2enmod rewrite
 
 * Setup some Apache vhosts:
-  * `/etc/apache2/sites-enabled/000-default`:
+  * `/etc/apache2/sites-enabled/000-default.conf`:
  
         <VirtualHost *:80>
             RewriteEngine On
             RewriteRule ^ https://www.libravatar.org [redirect=301,last]
         </VirtualHost>
 
-  * `/etc/apache2/sites-enabled/default-ssl`:
+  * `/etc/apache2/sites-enabled/default-ssl.conf`:
 
         <VirtualHost *:443>
             SSLEngine on
@@ -163,7 +163,7 @@ you've installed Debian and the usual server packages.
             RewriteRule ^ https://www.libravatar.org [redirect=301,last]
         </VirtualHost>
 
-  * `/etc/apache2/sites-available/stats`:
+  * `/etc/apache2/sites-available/stats.conf`:
  
         <VirtualHost *:443>
             ServerName stats.libravatar.org
@@ -189,26 +189,50 @@ you've installed Debian and the usual server packages.
                 Options +indexes
             </Location>
         </VirtualHost>
+        
+        <VirtualHost *:80>
+            ServerName stats.libravatar.org
+            ServerAdmin webmaster@libravatar.org
+            DocumentRoot /var/www/acme
+            <Directory /var/www/acme>
+                Options -Indexes
+            </Directory>
+        </VirtualHost>
+
+  * `/etc/apache2/sites-available/acme.conf`:
+ 
+        <VirtualHost *:80>
+            ServerName stats.libravatar.org
+            ServerAdmin webmaster@libravatar.org
+            DocumentRoot /var/www/acme
+            <Directory /var/www/acme>
+                Options -Indexes
+            </Directory>
+        </VirtualHost>
+
 
 * Copy the stats password file (`/etc/apache2/stats.passwd`).
 
 * Enable the new vhost:
 
       a2ensite default-ssl
+      a2ensite acme
       a2ensite stats
 
-* Copy seccdn SSL certs in `/etc/libravatar/` from the old server.
-
 * Install `certbot` and then create two separate certs:
 
       systemctl stop apache2
       certbot certonly -d www.libravatar.org -d libravatar.org -d selfoss.libravatar.org
-      certbot certonly -d stats.libravatar.org
+      certbot certonly --webroot -w /var/www/acme -d stats.libravatar.org
+      certbot certonly --webroot -w /var/www/acme -d seccdn.libravatar.org
       systemctl start apache2
 
 * Symlink the letsencrypt certs in the right place:
 
       cd /etc/libravatar/
+      ln -s ../letsencrypt/seccdn.libravatar.org/privkey.pem seccdn.pem
+      ln -s ../letsencrypt/seccdn.libravatar.org/cert.pem seccdn.crt
+      ln -s ../letsencrypt/seccdn.libravatar.org/chain.pem seccdn-chain.pem
       ln -s ../letsencrypt/stats.libravatar.org/privkey.pem stats.pem
       ln -s ../letsencrypt/stats.libravatar.org/cert.pem stats.crt
       ln -s ../letsencrypt/stats.libravatar.org/chain.pem stats-chain.pem

Fix typo
diff --git a/api.mdwn b/api.mdwn
index ed8ba08..baa9db1 100644
--- a/api.mdwn
+++ b/api.mdwn
@@ -50,7 +50,7 @@ The <tt>d</tt> or <tt>default</tt> parameter defaults to the Libravatar logo, bu
 
 * <tt>**404**</tt>: return a 404 error (file not found) instead of an image
 * <table><tr>
-  <td align="center">![mm](httsp://seccdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=mm)
+  <td align="center">![mm](https://seccdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=mm)
   <br><tt>**mm**</tt></td>
   <td align="center">![identicon](https://seccdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=identicon)
   <br><tt>**identicon**</tt></td>

Move inline images to HTTPS to avoid mixed content warnings
diff --git a/api.mdwn b/api.mdwn
index 5392cff..ed8ba08 100644
--- a/api.mdwn
+++ b/api.mdwn
@@ -24,10 +24,10 @@ Here's an example in Python:
 
 which gives us a hash of <tt>40f8d096a3777232204cb3f796c577b7</tt> and therefore the following image tag:
 
-    <img src="http://cdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7" alt="avatar of george@example.com"/>
+    <img src="https://seccdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7" alt="avatar of george@example.com"/>
 
 It will render as follows:
-![George@example.com](http://cdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7)
+![George@example.com](https://seccdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7)
 
 
 # Options
@@ -50,15 +50,15 @@ The <tt>d</tt> or <tt>default</tt> parameter defaults to the Libravatar logo, bu
 
 * <tt>**404**</tt>: return a 404 error (file not found) instead of an image
 * <table><tr>
-  <td align="center">![mm](http://cdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=mm)
+  <td align="center">![mm](httsp://seccdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=mm)
   <br><tt>**mm**</tt></td>
-  <td align="center">![identicon](http://cdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=identicon)
+  <td align="center">![identicon](https://seccdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=identicon)
   <br><tt>**identicon**</tt></td>
-  <td align="center">![monsterid](http://cdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=monsterid)
+  <td align="center">![monsterid](https://seccdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=monsterid)
   <br><tt>**monsterid**</tt></td>
-  <td align="center">![wavatar](http://cdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=wavatar)
+  <td align="center">![wavatar](https://seccdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=wavatar)
   <br><tt>**wavatar**</tt></td>
-  <td align="center">![retro](http://cdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=retro)
+  <td align="center">![retro](https://seccdn.libravatar.org/avatar/40f8d096a3777232204cb3f796c577b7?s=80&d=retro)
   <br><tt>**retro**</tt></td>
   </tr></table>
 

Fix the file ownership as per https://git.launchpad.net/~libravatar/libravatar/commit/?id=b8062fe2d512aa534f7eeb64d80d4e5857fd12ae
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 5c9044f..3c12591 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -375,5 +375,4 @@ If migrating from one server to another:
 
 * Copy the contents of `/var/lib/libravatar/` from the old server and fix the file permissions:
 
-      find /var/lib/libravatar/avatar/ -type f -exec chown libravatar-img:nogroup {} \;
-      find /var/lib/libravatar/user/ -type f -exec chown libravatar-img:nogroup {} \;
+      chown -R root:root /var/lib/libravatar/avatar/* /var/lib/libravatar/user/*

Remove a step now covered by the libravatar-cdn-common postinst script
diff --git a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
index 66b3cb1..92a6106 100644
--- a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
+++ b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
@@ -29,17 +29,11 @@ Do this on the **slave**:
 
        a2enconf tls
 
-1. reduce apache log retention to 10 days in `/etc/logrotate.d/apache` and enable the `removeip` apache module:
+2. reduce apache log retention to 10 days in `/etc/logrotate.d/apache` and enable the `removeip` apache module:
 
        a2enmod removeip
        systemctl restart apache2
 
-2. create SSL certificate placeholders:
-
-       touch /etc/libravatar/seccdn-chain.pem
-       touch /etc/libravatar/seccdn.pem
-       touch /etc/libravatar/seccdn.crt
-
 3. make sure cron errors go somewhere by adding this to `/etc/aliases`:
 
        libravatar-slave: mirrors@libravatar.org

Note the move to HTTPS for the apt repo
diff --git a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
index 7630326..66b3cb1 100644
--- a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
+++ b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
@@ -4,10 +4,10 @@ This will be of interest only to admins who run a Libravatar master server using
 
 Do this on the **slave**:
 
-1. make sure NTP is installed and running
+1. install the `apt-transport-https` package
 1. add the Libravatar apt repository:
 
-       echo "deb http://apt.libravatar.org/ jessie main" >> /etc/apt/sources.list
+       echo "deb https://apt.libravatar.org/ jessie main" >> /etc/apt/sources.list
        gpg --keyserver pgp.net.nz --recv 007c98d1
        gpg -a --export 007c98d1 | apt-key add -
 

Note the move to HTTPS on the apt repo
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 5064d5b..5c9044f 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -279,9 +279,10 @@ you've installed Debian and the usual server packages.
 # Install application
 
 * Install Libravatar packages
+  * Start by installing the `apt-transport-https` package
   * Add the Libravatar repository to `/etc/apt/sources.list`:
 
-        deb http://apt.libravatar.org/ jessie main
+        deb https://apt.libravatar.org/ jessie main
 
   * Then install server packages:
  

Add alt attribute for the main logo image
diff --git a/index.mdwn b/index.mdwn
index c3fc297..c972747 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -1,4 +1,4 @@
-<img src="https://seccdn.libravatar.org/nobody/256.png" align="right" width="256" height="256">
+<img src="https://seccdn.libravatar.org/nobody/256.png" align="right" width="256" height="256" alt="Libravatar Logo">
 
 [Libravatar](https://www.libravatar.org) (*"Libre Avatar"*) is a free service
 and an [[open specification|api]] for hosting profile images tied to email or OpenID

libravatar-deployment package is also required on the master server
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 730ef4c..5064d5b 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -286,7 +286,7 @@ you've installed Debian and the usual server packages.
   * Then install server packages:
  
         apt update
-        apt install libravatar{,-common,-cdn,-cdn-common,-www,-master}
+        apt install libravatar{,-common,-cdn,-cdn-common,-deployment,-www,-master}
 
   * Use `6432` for the database port number, otherwise accept all of the defaults
 

Remove spam
This reverts commit dce02b838f0862d4a570702939b7715aa5acbee3
diff --git a/diezelsun.mdwn b/diezelsun.mdwn
deleted file mode 100644
index b60e015..0000000
--- a/diezelsun.mdwn
+++ /dev/null
@@ -1,6 +0,0 @@
-Diezel Sun  - знаменитый 3d моделлер, разработчик 3d движков.
-
-DiezelSun - 3d modeller,  developer 3d engines.
-References 
-http://en.wiki.unrealsoftware.de/index.php/DiezelSun_3d_graphics - unreal engine
-

Remove spam
This reverts commit 88920e8e48390512e0be49c52b0a1d96260895d8
diff --git a/index.mdwn b/index.mdwn
new file mode 100644
index 0000000..c3fc297
--- /dev/null
+++ b/index.mdwn
@@ -0,0 +1,39 @@
+<img src="https://seccdn.libravatar.org/nobody/256.png" align="right" width="256" height="256">
+
+[Libravatar](https://www.libravatar.org) (*"Libre Avatar"*) is a free service
+and an [[open specification|api]] for hosting profile images tied to email or OpenID
+addresses.
+
+In order to have your photo displayed next to your posts and comments on [[sites which support
+Libravatar|sites]] you can either create an account with us or [[run your own node|running your own]]
+of the federated avatar network.
+
+* [[What is Libravatar?|description]]
+* [[Features]]
+
+# Technology
+
+Inspired by the elegant solution pioneered by [Gravatar](http://www.gravatar.com),
+Libravatar takes a federated approach to the problem and allows domain owners to
+specify the server that should host images for their organisation.
+
+* [[API documentation|api]]
+* [[Libraries and plugins|libraries]]
+* [[Server software|running your own]]
+
+# Community
+
+Because it is entirely powerered by [Free and Open Source
+Software](http://www.gnu.org/licenses/agpl.html), you are more than
+welcome to join the project and [[run your own instance|Running your own]].
+
+* [[Ways to contribute|contribute]]
+* [[Getting in touch with us|talk to us]]
+
+# Freedom
+
+We value your privacy and freedom which is why we are committed to delivering our service using a [[freedom-respecting infrastructure]].
+
+----
+
+The contents of this wiki is licensed under your choice of the [GNU Affero GPL version 3](http://gnu.org/licenses/agpl.html) or later, or the [Creative Commons Attribution-ShareAlike 3.0 Unported](https://creativecommons.org/licenses/by-sa/3.0/) license.
diff --git a/index.txt b/index.txt
deleted file mode 100644
index c3fc297..0000000
--- a/index.txt
+++ /dev/null
@@ -1,39 +0,0 @@
-<img src="https://seccdn.libravatar.org/nobody/256.png" align="right" width="256" height="256">
-
-[Libravatar](https://www.libravatar.org) (*"Libre Avatar"*) is a free service
-and an [[open specification|api]] for hosting profile images tied to email or OpenID
-addresses.
-
-In order to have your photo displayed next to your posts and comments on [[sites which support
-Libravatar|sites]] you can either create an account with us or [[run your own node|running your own]]
-of the federated avatar network.
-
-* [[What is Libravatar?|description]]
-* [[Features]]
-
-# Technology
-
-Inspired by the elegant solution pioneered by [Gravatar](http://www.gravatar.com),
-Libravatar takes a federated approach to the problem and allows domain owners to
-specify the server that should host images for their organisation.
-
-* [[API documentation|api]]
-* [[Libraries and plugins|libraries]]
-* [[Server software|running your own]]
-
-# Community
-
-Because it is entirely powerered by [Free and Open Source
-Software](http://www.gnu.org/licenses/agpl.html), you are more than
-welcome to join the project and [[run your own instance|Running your own]].
-
-* [[Ways to contribute|contribute]]
-* [[Getting in touch with us|talk to us]]
-
-# Freedom
-
-We value your privacy and freedom which is why we are committed to delivering our service using a [[freedom-respecting infrastructure]].
-
-----
-
-The contents of this wiki is licensed under your choice of the [GNU Affero GPL version 3](http://gnu.org/licenses/agpl.html) or later, or the [Creative Commons Attribution-ShareAlike 3.0 Unported](https://creativecommons.org/licenses/by-sa/3.0/) license.

rename index.mdwn to index.txt
diff --git a/index.mdwn b/index.mdwn
deleted file mode 100644
index c3fc297..0000000
--- a/index.mdwn
+++ /dev/null
@@ -1,39 +0,0 @@
-<img src="https://seccdn.libravatar.org/nobody/256.png" align="right" width="256" height="256">
-
-[Libravatar](https://www.libravatar.org) (*"Libre Avatar"*) is a free service
-and an [[open specification|api]] for hosting profile images tied to email or OpenID
-addresses.
-
-In order to have your photo displayed next to your posts and comments on [[sites which support
-Libravatar|sites]] you can either create an account with us or [[run your own node|running your own]]
-of the federated avatar network.
-
-* [[What is Libravatar?|description]]
-* [[Features]]
-
-# Technology
-
-Inspired by the elegant solution pioneered by [Gravatar](http://www.gravatar.com),
-Libravatar takes a federated approach to the problem and allows domain owners to
-specify the server that should host images for their organisation.
-
-* [[API documentation|api]]
-* [[Libraries and plugins|libraries]]
-* [[Server software|running your own]]
-
-# Community
-
-Because it is entirely powerered by [Free and Open Source
-Software](http://www.gnu.org/licenses/agpl.html), you are more than
-welcome to join the project and [[run your own instance|Running your own]].
-
-* [[Ways to contribute|contribute]]
-* [[Getting in touch with us|talk to us]]
-
-# Freedom
-
-We value your privacy and freedom which is why we are committed to delivering our service using a [[freedom-respecting infrastructure]].
-
-----
-
-The contents of this wiki is licensed under your choice of the [GNU Affero GPL version 3](http://gnu.org/licenses/agpl.html) or later, or the [Creative Commons Attribution-ShareAlike 3.0 Unported](https://creativecommons.org/licenses/by-sa/3.0/) license.
diff --git a/index.txt b/index.txt
new file mode 100644
index 0000000..c3fc297
--- /dev/null
+++ b/index.txt
@@ -0,0 +1,39 @@
+<img src="https://seccdn.libravatar.org/nobody/256.png" align="right" width="256" height="256">
+
+[Libravatar](https://www.libravatar.org) (*"Libre Avatar"*) is a free service
+and an [[open specification|api]] for hosting profile images tied to email or OpenID
+addresses.
+
+In order to have your photo displayed next to your posts and comments on [[sites which support
+Libravatar|sites]] you can either create an account with us or [[run your own node|running your own]]
+of the federated avatar network.
+
+* [[What is Libravatar?|description]]
+* [[Features]]
+
+# Technology
+
+Inspired by the elegant solution pioneered by [Gravatar](http://www.gravatar.com),
+Libravatar takes a federated approach to the problem and allows domain owners to
+specify the server that should host images for their organisation.
+
+* [[API documentation|api]]
+* [[Libraries and plugins|libraries]]
+* [[Server software|running your own]]
+
+# Community
+
+Because it is entirely powerered by [Free and Open Source
+Software](http://www.gnu.org/licenses/agpl.html), you are more than
+welcome to join the project and [[run your own instance|Running your own]].
+
+* [[Ways to contribute|contribute]]
+* [[Getting in touch with us|talk to us]]
+
+# Freedom
+
+We value your privacy and freedom which is why we are committed to delivering our service using a [[freedom-respecting infrastructure]].
+
+----
+
+The contents of this wiki is licensed under your choice of the [GNU Affero GPL version 3](http://gnu.org/licenses/agpl.html) or later, or the [Creative Commons Attribution-ShareAlike 3.0 Unported](https://creativecommons.org/licenses/by-sa/3.0/) license.

Use HTTPS in blog link
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 9fa4c2b..730ef4c 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -3,7 +3,7 @@ you've installed Debian and the usual server packages.
 
 # Basic setup
 
-* Install Debian and [tweak a few things](http://feeding.cloud.geek.nz/posts/usual-server-setup/)
+* Install Debian and [tweak a few things](https://feeding.cloud.geek.nz/posts/usual-server-setup/)
 * Install rssh and uncomment `allowrsync` in `/etc/rssh.conf`
 * Setup appropriate mail aliases
   * Add these to `/etc/aliases`

Replace startssl instructions with letsencrypt
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 45c0bdb..9fa4c2b 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -123,19 +123,6 @@ you've installed Debian and the usual server packages.
 
         systemctl restart pgbouncer
 
-# TLS certificate
-
-* Generate a new certificate:
-
-      openssl genrsa -out www.pem 2048
-
-* Create a certificate signing request:
-
-      openssl req -new -key www.pem -subj "/CN=www.libravatar.org" -out www.csr
-
-* Login into <https://startssl.com> to submit the CSR and download the signed certificate as `www.crt`.
-* Copy `www.pem` and `www.crt` into `/etc/libravatar/`.
-
 # Web server
 
 * Create a global TLS configuration in `/etc/apache2/conf-available/tls.conf`:
@@ -210,7 +197,40 @@ you've installed Debian and the usual server packages.
       a2ensite default-ssl
       a2ensite stats
 
-* Copy all SSL certs in `/etc/libravatar/` from the old server
+* Copy seccdn SSL certs in `/etc/libravatar/` from the old server.
+
+* Install `certbot` and then create two separate certs:
+
+      systemctl stop apache2
+      certbot certonly -d www.libravatar.org -d libravatar.org -d selfoss.libravatar.org
+      certbot certonly -d stats.libravatar.org
+      systemctl start apache2
+
+* Symlink the letsencrypt certs in the right place:
+
+      cd /etc/libravatar/
+      ln -s ../letsencrypt/stats.libravatar.org/privkey.pem stats.pem
+      ln -s ../letsencrypt/stats.libravatar.org/cert.pem stats.crt
+      ln -s ../letsencrypt/stats.libravatar.org/chain.pem stats-chain.pem
+      ln -s ../letsencrypt/www.libravatar.org/privkey.pem www.pem
+      ln -s ../letsencrypt/www.libravatar.org/cert.pem www.crt
+      ln -s ../letsencrypt/www.libravatar.org/chain.pem www-chain.pem
+
+* Install a cronjob to [automatically renew these certs](https://feeding.cloud.geek.nz/posts/automatically-renewing-letsencrypt-certs-on-debian-using-certbot/) in `/etc/cron.daily/certbot-renew-libravatar`:
+
+      #!/bin/bash
+      
+      /usr/bin/certbot renew --quiet --pre-hook "/bin/systemctl stop apache2.service" --post-hook "/bin/systemctl start apache2.service"
+      
+      pushd /etc/ > /dev/null
+      /usr/bin/git add letsencrypt
+      DIFFSTAT="$(/usr/bin/git diff --cached --stat)"
+      if [ -n "$DIFFSTAT" ] ; then
+          /usr/bin/git commit --quiet -m "Renewed letsencrypt certs"
+          echo "$DIFFSTAT"
+      fi
+      popd > /dev/null
+
 
 * Install `awstats` and add this to `/etc/awstats/awstats.conf.local`:
 

Put acronym expansion in quotes
diff --git a/index.mdwn b/index.mdwn
index 4e44191..c3fc297 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -1,6 +1,6 @@
 <img src="https://seccdn.libravatar.org/nobody/256.png" align="right" width="256" height="256">
 
-[Libravatar](https://www.libravatar.org) (*Libre Avatar*) is a free service
+[Libravatar](https://www.libravatar.org) (*"Libre Avatar"*) is a free service
 and an [[open specification|api]] for hosting profile images tied to email or OpenID
 addresses.
 

add global TLS conf for the mirrors
diff --git a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
index 576958e..7630326 100644
--- a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
+++ b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
@@ -16,6 +16,18 @@ Do this on the **slave**:
        apt update
        apt install libravatar-{common,cdn-common,cdn,seccdn,slave}
 
+1. put the following global TLS config in `/etc/apache2/conf-available/tls.conf`:
+
+       SSLHonorCipherOrder On
+       SSLCompression Off
+       SSLUseStapling on
+       SSLStaplingResponderTimeout 5
+       SSLStaplingReturnResponderErrors off
+       SSLStaplingCache shmcb:/var/run/ocsp(128000)
+
+1. enable the newly-added TLS config:
+
+       a2enconf tls
 
 1. reduce apache log retention to 10 days in `/etc/logrotate.d/apache` and enable the `removeip` apache module:
 

add DNT and jessie-related changes
diff --git a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
index 6eaa07f..576958e 100644
--- a/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
+++ b/how_to_add_a_mirror_slave_to_the_mirror_master.mdwn
@@ -13,8 +13,14 @@ Do this on the **slave**:
 
 1. install the required packages on the slave:
 
-       apt-get update
-       apt-get install libravatar-{common,cdn-common,cdn,seccdn,slave}
+       apt update
+       apt install libravatar-{common,cdn-common,cdn,seccdn,slave}
+
+
+1. reduce apache log retention to 10 days in `/etc/logrotate.d/apache` and enable the `removeip` apache module:
+
+       a2enmod removeip
+       systemctl restart apache2
 
 2. create SSL certificate placeholders:
 
@@ -43,6 +49,10 @@ Do this on the **master**:
 
        from="1.2.3.4",no-X11-forwarding,no-user-rc,no-pty,no-agent-forwarding,no-port-forwarding ssh-rsa AAAAB3Nza...quq5x root@cdn3
 
+2. ensure that the `sshuser` user can connect via ssh:
+
+       adduser libravatar-master sshuser
+
 Within about 15 minutes, you should see these files pop up on the slave:
 
 * <tt>/var/lib/libravatar/slave/cert/chain.pem</tt>

Make a note about localhost and gearman
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index b548470..45c0bdb 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -16,6 +16,7 @@ you've installed Debian and the usual server packages.
   * Run `newaliases` to update `/etc/aliases.db`
   * Test the aliases by running `mail root`
 
+* Ensure that the only entry for `localhost` in `/etc/hosts` is for `127.0.0.1` (if you leave the one for `::1`, [it will confuse gearman](https://feeding.cloud.geek.nz/posts/debugging-gearman-configuration/#comment-5980a879ebda9f23f70eee0ea7236bd2))
 * Copy the local logcheck rules from the old server and add the following to `/etc/logcheck/logcheck.logfiles`:
 
       /var/log/libravatar/error-cdn.log

More explicit installation instructions for pgbouncer
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 7bd9fe0..b548470 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -97,7 +97,14 @@ you've installed Debian and the usual server packages.
         createuser -s root
         createuser -S -R -D djangouser
 
-* Install pgbouncer and turn it on in `/etc/default/pgbouncer`
+* Install pgbouncer
+
+      apt install pgbouncer
+
+  * Turn it on in `/etc/default/pgbouncer`
+
+        START=1
+
   * Put the following in `/etc/pgbouncer/pgbouncer.ini`:
 
         [databases]
@@ -106,10 +113,14 @@ you've installed Debian and the usual server packages.
         [pgbouncer]
         admin_users = postgres
 
-* Put the following in `/etc/pgbouncer/userlist.txt`:
+  * Put the following in `/etc/pgbouncer/userlist.txt`:
+
+        "djangouser" ""
+        "postgres" ""
+
+  * Restart the daemon:
 
-      "djangouser" ""
-      "postgres" ""
+        systemctl restart pgbouncer
 
 # TLS certificate
 

Note that the password file needs to be copied
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 3b64a75..7bd9fe0 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -191,6 +191,8 @@ you've installed Debian and the usual server packages.
             </Location>
         </VirtualHost>
 
+* Copy the stats password file (`/etc/apache2/stats.passwd`).
+
 * Enable the new vhost:
 
       a2ensite default-ssl

Add missing index rule to stats config
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 3a2abd0..3b64a75 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -187,6 +187,7 @@ you've installed Debian and the usual server packages.
                 Require valid-user
                 Order allow,deny
                 allow from all
+                Options +indexes
             </Location>
         </VirtualHost>
 

Remove unnecesssary comment
diff --git a/setup_instructions.mdwn b/setup_instructions.mdwn
index 9a4ee74..3a2abd0 100644
--- a/setup_instructions.mdwn
+++ b/setup_instructions.mdwn
@@ -133,7 +133,6 @@ you've installed Debian and the usual server packages.
       SSLHonorCipherOrder     on
       SSLCompression          off
       
-      # OCSP Stapling, only in httpd 2.3.3 and later
       SSLUseStapling          on
       SSLStaplingResponderTimeout 5
       SSLStaplingReturnResponderErrors off