(umask 077; mkdir .certificates/) && openssl rsa -inform PEM -in key.rsa -outform DER -out .certificates/key.der && openssl x509 -in cert.pem -out .certificates/cert.der -outform DER && chmod 0600 ./certificates/*.der && rm key.rsa cert.pem
This #CLI oneliner would:
.certificatesdir with that's only accessible to your user
Now you should be able to run your agate server with
--certs /path/to/.certificates to specify the new location of your certificates.
It's probably a good idea to have agate regenerate your certs in #ECDSA format instead, but this would at least allow you to upgrade already, and give you some time to inform your users of a pending cert change, and announce the new fingerprints ahead of time via your gemlog and out-of-band via your website and/or social media accounts.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!