FYI, I just updated the tahoe-lafs.org SSL certificate to a new one (from GlobalSign), along with a new key. We upgraded nginx a few weeks ago to provide TLSv1.2, and I hope to update the configuration in a few days to enable Forward-Secure modes (and maybe ECC too). Please let me know if you see anything weird, like validation failures. cheers, -Brian