diff --git a/cznic/cznic-cacert-bundle/Makefile b/cznic/cznic-cacert-bundle/Makefile
index c743e158f1ab756a059584c1ed44b2ee124ce065..c016c309ba1ba0553e5d742e9fc93d16f3e07d09 100644
--- a/cznic/cznic-cacert-bundle/Makefile
+++ b/cznic/cznic-cacert-bundle/Makefile
@@ -28,10 +28,10 @@ define Package/$(PKG_NAME)/postinst
 [ -n "$$IPKG_INSTROOT" ] || {
 	# TODO: If ever anything gets removed from this list, use -r, not delete it manually.
 	/usr/sbin/cert-backup \
-		/etc/ssl/www_turris_cz_ca.pem \
 		/etc/ssl/turris.pem \
 		/usr/bin/get-api-crl \
 		/etc/ssl/ucollect-server.pem \
+		-r /etc/ssl/www_turris_cz_ca.pem \
 		-r /etc/ssl/startcom.pem \
 		-r /etc/ssl/api.turris.pem
 	get-api-crl
@@ -53,7 +53,6 @@ define Package/$(PKG_NAME)/install
 	$(INSTALL_DIR) $(1)/etc/ssl/
 	# TODO: If anything is modified here, it needs to be updated in the postinst too
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/cacerts/emergency-ca/ca.crt $(1)/etc/ssl/turris.pem
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/cacerts/letsencrypt.pem $(1)/etc/ssl/www_turris_cz_ca.pem
 	$(INSTALL_DATA) $(PKG_BUILD_DIR)/cacerts/ucollect-server.pem $(1)/etc/ssl/
 	ln -s /tmp/crl.pem $(1)/etc/ssl/crl.pem
 
diff --git a/cznic/haas-proxy/files/register.sh b/cznic/haas-proxy/files/register.sh
index da014993e88177bad2e34a697ab620a82abbd822..5ed7c960b8f643e16ecfb805bf8e5d00aa318529 100644
--- a/cznic/haas-proxy/files/register.sh
+++ b/cznic/haas-proxy/files/register.sh
@@ -21,14 +21,12 @@
 set -e
 
 TIMEOUT=120
-CA_FILE=/etc/ssl/www_turris_cz_ca.pem  # let's encrypt inside
 URL='https://haas.nic.cz/api/turris/register'
 
 if [ -z "$(uci -q get haas.settings.token 2>/dev/null)" ]; then
 	CODE=$(cat /usr/share/server-uplink/registration_code)
 	TOKEN=$(curl -sS -H "Content-Type: application/json" \
 		-X POST -d "{\"registration_code\": \"${CODE}\"}" \
-		--cacert "$CA_FILE" \
 		-m "${TIMEOUT}" \
 		"${URL}" | sed -n -e 's/^.*"token":[[:blank:]]*"\([^"]*\)".*/\1/p')
 
diff --git a/cznic/nuci/Makefile b/cznic/nuci/Makefile
index b1ddb51e2dc5c12c0df8573139151ab88196784a..6b85d40c2f78b348a4ba981fe0ccd38d0c1f4c0b 100644
--- a/cznic/nuci/Makefile
+++ b/cznic/nuci/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=nuci
-PKG_VERSION:=161
+PKG_VERSION:=162
 PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://gitlab.labs.nic.cz/turris/nuci.git
diff --git a/cznic/server-uplink/files/contract_valid.sh b/cznic/server-uplink/files/contract_valid.sh
index 8701127a675a7e22b7cb5a64e5582a883f963e00..74da04af46cf0aaca45afb353eb3c50aa8701ca8 100644
--- a/cznic/server-uplink/files/contract_valid.sh
+++ b/cznic/server-uplink/files/contract_valid.sh
@@ -21,13 +21,18 @@
 set -e
 
 TIMEOUT=120
-CA_FILE=/etc/ssl/www_turris_cz_ca.pem
 OUTPUT_FILE=/usr/share/server-uplink/contract_valid
 CONTRACT_URL='https://project.turris.cz/api/contract-valid.txt'
 
 
 CODE=$(cat /usr/share/server-uplink/registration_code)
-RESULT=$(curl -s -S -L -G --data-urlencode "registration_code=$CODE" -H "Accept: plain/text" --cacert "$CA_FILE" --cert-status -m "$TIMEOUT" "$CONTRACT_URL" | sed -ne 's/^result: *\(..*\)/\1/p')
+RESULT=$(
+		curl -s -S -L -G -H "Accept: plain/text" \
+						--data-urlencode "registration_code=$CODE" \
+						--cert-status -m "$TIMEOUT" \
+						"$CONTRACT_URL" \
+				| sed -ne 's/^result: *\(..*\)/\1/p'
+)
 
 if [ -z "$RESULT" ] ; then
 	# failed to download
diff --git a/cznic/server-uplink/files/registered.sh b/cznic/server-uplink/files/registered.sh
index 05b067cf706299d5e08f992853c6ec80def80e24..17b5be191e3640b5d39914d8da430ad226c96157 100644
--- a/cznic/server-uplink/files/registered.sh
+++ b/cznic/server-uplink/files/registered.sh
@@ -34,12 +34,10 @@ LANG="$2"
 LANG=${LANG:-en}
 
 TIMEOUT=120
-CA_FILE=/etc/ssl/www_turris_cz_ca.pem
 
 
 CODE=$(cat /usr/share/server-uplink/registration_code)
 URL="https://project.turris.cz/api/registration-lookup.txt"
 curl -G -s -S -L -H "Accept: plain/text" -H "Accept-Language: $LANG" \
 	--data-urlencode "registration_code=${CODE}" --data-urlencode "email=${EMAIL}" \
-	--cacert "$CA_FILE" \
 	--cert-status -m "$TIMEOUT" "$URL" -w "\ncode: %{http_code}"
diff --git a/cznic/turris-diagnostics/Makefile b/cznic/turris-diagnostics/Makefile
index 5b2210b47c825fa673b5c92c050c99b81dec1bc6..4f18011e6bc733a8fd1a700a0535da79552d19c4 100644
--- a/cznic/turris-diagnostics/Makefile
+++ b/cznic/turris-diagnostics/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=turris-diagnostics
-PKG_VERSION:=9.2
+PKG_VERSION:=9.3
 PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://gitlab.labs.nic.cz/turris/diagnostics.git