Hi there,
I plan to update the koji certificate to use a well-known one
(letsencrypt based).
At this time, we are using a certificate from our own rpmfusion-server
CA, but it's not well suited for occasional end-users.
It's not that easy compared with other applications as many rpmfusion
services are expecting a dedicated CA passed as a parameter and do not
rely on the system ca trust store.
There are a few steps to go in that direction:
Step1:
Bundle rpmfusion-server ca into system root ca on affected VMs
Step2:
Prepare the configuration change from ansible-infra.
Switch configurations to not rely on serverca parameters
Step3:
Update rpmfusion-package not to rely on serverca parameter. (and drop
the deprecated ca parameter that was unused for client certificates).
Step4:
Switch koji to use letsencrypt certificates.
Restart internal services to use the new certificates.
I'm mostly done for step1, but as a matter of delegation, I would
like someone else to do the task for step3 for rpmfusion-packager:
https://github.com/rpmfusion-infra/rpmfusion-packager/
See also a way to bundle rpmfusion-server-ca into the system trust CA:
https://docs.fedoraproject.org/en-US/quick-docs/using-shared-system-certi...
Thanks in advance.
--
-
Nicolas (kwizart)
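
An added example, not part of the original message or of any rpmfusion code: one way to audit koji-style client profiles for the serverca and deprecated ca settings that Steps 2 and 3 aim to remove. It assumes INI-format profiles; the section names, URLs and file paths in the sample are constructed.

```python
import configparser

# Constructed sample of a koji-style client profile (INI format); the
# section names, URLs and paths are illustrative, not taken from the post.
SAMPLE_CONFIG = """
[koji-rpmfusion]
server = https://koji.example.org/kojihub
cert = ~/.rpmfusion.cert
ca = ~/.rpmfusion-upload-ca.cert
serverca = ~/.rpmfusion-server-ca.cert

[koji-migrated]
server = https://koji.example.org/kojihub
cert = ~/.rpmfusion.cert
"""

# Keys the post says should go away: serverca (Steps 2 and 3) and the
# deprecated, unused ca parameter (Step 3).
PINNED_KEYS = ("serverca", "ca")


def find_pinned_ca(text):
    """Return {section: {key: value}} for sections still setting a pinned CA."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = {}
    for section in parser.sections():
        # An empty value ("serverca =") already falls back to the system
        # trust store, so only non-empty settings are reported.
        hits = {k: parser[section][k] for k in PINNED_KEYS
                if parser[section].get(k, "").strip()}
        if hits:
            findings[section] = hits
    return findings


def report(text):
    """Return one 'section / key = value' line per remaining pinned setting."""
    lines = []
    for section, hits in sorted(find_pinned_ca(text).items()):
        for key, value in hits.items():
            lines.append(f"[{section}] {key} = {value}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_CONFIG):
        print(line)
```

A profile that no longer appears in the report is verified against the system trust store, so it keeps working across the Step 4 switch only if that store contains the issuing CA.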