Upgrader fails to check upgrades: CA changed for our website

We'll update the CA pinned by our upgrader in 4.15 (tails#18127 (closed)).

But in order to allow users to upgrade to 4.15, we need to revert the TLS certificate to the previous version (/etc/letsencrypt/archive/tails.boum.org/cert14.pem) that is still valid for some time: it expires on Feb 12.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information