Add untrusted-root.badssl.com. Closes #170.

Author: lgarron

domains/cert/untrusted-root.conf

@@ -0,0 +1,19 @@
+---
+---
+server {
+  listen 80;
+  server_name untrusted-root.{{ site.domain }};
+
+  return 301 https://$server_name$request_uri;
+}
+
+server {
+  listen 443;
+  server_name untrusted-root.{{ site.domain }};
+
+  include {{ site.serving-path }}/nginx-includes/wildcard.untrusted-root.conf;
+  include {{ site.serving-path }}/nginx-includes/tls-defaults.conf;
+  include {{ site.serving-path }}/common/common.conf;
+
+  root {{ site.serving-path }}/domains/cert/untrusted-root;
+}

domains/cert/untrusted-root/index.html

@@ -0,0 +1,16 @@
+---
+subdomain: untrusted-root
+layout: page
+favicon: red
+background: red
+---
+
+<div id="content">
+  <h1 style="font-size: 8vw;">
+    {{ page.subdomain }}.<br>{{ site.domain }}
+  </h1>
+</div>
+
+<div id="footer">
+  The certificate for this site is signed using an untrusted root.
+</div>

domains/misc/badssl.com/index.html

@@ -216,6 +216,7 @@ <h2>Certificate:</h2>
       <a href="https://expired.{{ site.domain }}/" class="bad">expired</a>
       <a href="https://wrong.host.{{ site.domain }}/" class="bad">wrong.host</a>
       <a href="https://self-signed.{{ site.domain }}/" class="bad">self-signed</a>
+      <a href="https://untrusted-root.{{ site.domain }}/" class="bad">untrusted-root</a>
       <hr>
       <a href="https://sha1-2016.{{ site.domain }}/" class="dubious">sha1-2016</a>
       <a href="https://sha1-2017.{{ site.domain }}/" class="bad">sha1-2017</a>

nginx-includes/wildcard.untrusted-root.conf

@@ -0,0 +1,6 @@
+---
+---
+
+ssl on;
+ssl_certificate {{ site.cert-path }}/wildcard-untrusted-root.pem;
+ssl_certificate_key /etc/keys/leaf-main.key;