Team Reports 2019

Team Leaders are encouraged to present a report for their team. (alphabetic order)

17 = Text from 2017, please replace!

AffiliateProgramme – Hotel-buchen-Portal

This webshop with T-shirts, caps, mugs and more is run by secureU, a partner association from CAcert in Germany. The benefit is sent to us or used to pay bills for us.(Ru)


Since April 2018, CAcert has Amazon Affiliates links. Unfortunatley, there are different links for each different language/shop:


On the wiki, we have Google Ads on the top corner. To help CAcert, please allow your adblocker to show this ads. They are small, discrete and do not disturb you while writing or reading on the wiki.




Audit Team

Critical System Administrator Team

Day to day operation

Regular system administration activities resulting in site visits or software updates of one or more of the critical systems are dutifully reported on the public systemlog mailinglist with archives kept at We refer the interested reader to those resources rather than duplicating or summarizing the information here.

Future outlook

The interest in CAcert is diminishing, not only within the user base, but also with the Critical System Administrator team. Besides general market circumstances there is also a major problem emerging due to the aging of the CAcert application code.

Without a fully functioning CAcert software development team, hardly any changes to the application code have occurred in the past three years. Thus the CAcert application (written in PHP) is locking CAcert into an old and soon obsolete version of the Debian OS. In April 2018 we did complete the upgrade of the webdb server to Debian Jessie, at that time the "oldstable" release from Debian. As predicted in last year's report: this causes a permanent stream of PHP warning messages in the Apache logfiles, because the application code is using obsoleted constructs. Due to the release of Debian Buster in July 2019, the Jessie release has dropped now even behind the "oldstable" state. But an upgrade to Debian Stable or Oldstable is not possible with the current PHP code base, due to its dependency on an obsolete mySQL database interface layer, which is not supported anymore in the PHP version bundled with Debian Stretch, the current Debian Oldtable.

Without the ability to upgrade the application platform to a well-maintained version of Debian, the Critical System Administrator Team will be unable to take responsibility in the near future for the safe and correct operation of CAcert's main server, the web application and database server.

Team change (November 2019)

In April 2019 we announced in that we did not see a sound perspective for continuing CAcert in its current form. After waiting six weeks for a clear decision of the board to shutdown, we announced that the full team would resign by September 1, 2019. On August 30 we received a request to allow some flexibility in that date, which we did by extending the final date to November 1, 2019. Lo and behold, on that date we did transfer all knowledge and secrets of the CAcert critical systems to the new team leader Dirk Astrath in a six-hour session at BIT, Ede ( You will probably read more about that in next year's team report ...



Currently the team is quite small, any help to increase the team is appreciated. (As)


This year we finally managed to upgrade our infrastructure host (Infra02) to the current Debian 10 (Buster) OS release. This provides a much more modern LXC (0.7 -> 3.0.3) and OS kernel (4.19) as well as improvements in other areas like firewalling. The full announcement of the upgrade can be read in the cacert-sysadm mailing list archive.

After this huge improvement a few more upgrades have been done. Our board voting system has been moved away from the aging community system to its own container and is now available at The community email system at has been upgraded from Debian 5 to Debian 10 and has a much newer Postfix and Dovecot setup than before supporting modern TLS versions and cipher suites. A new community (webmail) system is still work in progress and will hopefully be finished later this year.

All new systems are now managed via Puppet and the Puppet code can be found in a public Git repository. We have now 17 systems that are managed by Puppet by at least some degree, the new systems have all their services setup via Puppet which should become the standard way of doing system administration in the future.

Our monitoring on has been upgraded too and is now running Icinga 2 and IcingaWeb 2. Monitoring checks have been extended and are managed in Git too.

We had a lot of interest in system administration tasks after the call for help sent out by board/secretary and I (Jan) added some information about what could need help in the Infrastructure Team section of the Wiki. I wrote a longer response to the CAcert sysadm volunteer list to explain in which areas help is needed.

-- JanDittberner 2019-10-27 20:14:31

New Root & Escrow Project (NRE)

Organisation Assurance Team

Policy Group


Software Development Team

Support Team

Translation / Localisation

CATS is now available in Czech. A French translation is waiting for review (for several months now).

Finance Team