diff --git a/Dockerfile b/Dockerfile index e5ac6c6a..32a74eab 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,20 +1,15 @@ -# Start with Ubuntu 16.04 (LTS), and build badssl.com up from there -FROM ubuntu:16.04 +# Start with Ubuntu 24.04 (LTS), and build badssl.com up from there +FROM ubuntu:24.04 MAINTAINER April King EXPOSE 80 443 -RUN apt-get update && apt-get install -y apt-transport-https -RUN apt-get install -y software-properties-common -RUN apt-add-repository ppa:brightbox/ruby-ng RUN apt-get update && apt-get install -y \ build-essential \ git \ + jekyll \ libffi-dev \ make \ nginx \ - ruby2.4 \ - ruby2.4-dev -RUN gem update --system -RUN gem install jekyll + ruby # Install badssl.com ADD . badssl.com diff --git a/certs/Makefile b/certs/Makefile index fc3565dd..2434d39a 100644 --- a/certs/Makefile +++ b/certs/Makefile @@ -487,10 +487,6 @@ $(O)/gen/chain/subdomain-known-interception.pem: $(O)/gen/crt/subdomain-known-in ################################ -$(O)/gen/dhparam/dh480.pem: - ./tool dhparam $@ $(D) 480 -$(O)/gen/dhparam/dh512.pem: - ./tool dhparam $@ $(D) 512 $(O)/gen/dhparam/dh1024.pem: ./tool dhparam $@ $(D) 1024 $(O)/gen/dhparam/dh2048.pem: @@ -508,4 +504,4 @@ chains-prod: $(CHAINS_PROD) chains-local: chains-prod $(CHAINS_LOCAL_ONLY) .PHONY: dhparams -dhparams: $(O)/gen/dhparam/dh480.pem $(O)/gen/dhparam/dh512.pem $(O)/gen/dhparam/dh1024.pem $(O)/gen/dhparam/dh2048.pem $(O)/gen/dhparam/dh-composite.pem $(O)/gen/dhparam/dh-small-subgroup.pem +dhparams: $(O)/gen/dhparam/dh1024.pem $(O)/gen/dhparam/dh2048.pem $(O)/gen/dhparam/dh-composite.pem $(O)/gen/dhparam/dh-small-subgroup.pem diff --git a/domains/cipher-suite/3des.conf b/domains/cipher-suite/3des.conf deleted file mode 100644 index 5d4a97a6..00000000 --- a/domains/cipher-suite/3des.conf +++ /dev/null 
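Review bot: The rewritten `RUN apt-get update && apt-get install -y …` layer in the Dockerfile hunk leaves the downloaded package lists in the image and pulls in every recommended package, which enlarges both the image and the installed surface a later CVE scan has to cover; finish the same RUN with `&& rm -rf /var/lib/apt/lists/*` and pass `--no-install-recommends` to apt-get install. On the same new side, `ADD . badssl.com` would be more predictable as `COPY . badssl.com`, since ADD additionally performs archive extraction and URL fetching, and the `MAINTAINER` instruction kept above it is deprecated in favour of a `LABEL`. The blank context lines of this hunk do not survive in the rendering shown here, so the line count can only be checked against the `@@ -1,20 +1,15 @@` header.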
@@ -1,19 +0,0 @@ ---- ---- -server { - listen 80; - server_name 3des.{{ site.domain }}; - - return 301 https://$server_name$request_uri; -} - -server { - listen 443; - server_name 3des.{{ site.domain }}; - - include {{ site.serving-path }}/nginx-includes/wildcard-normal.conf; - include {{ site.serving-path }}/nginx-includes/tls-3des.conf; - include {{ site.serving-path }}/common/common.conf; - - root {{ site.serving-path }}/domains/cipher-suite/3des; -} diff --git a/domains/cipher-suite/3des/index.html b/domains/cipher-suite/3des/index.html deleted file mode 100644 index 28f0bee0..00000000 --- a/domains/cipher-suite/3des/index.html +++ /dev/null @@ -1,12 +0,0 @@ ---- -subdomain: 3des -layout: page -favicon: red -background: red ---- - -
-

- {{ page.subdomain }}.{{ site.domain }} -

-
diff --git a/domains/cipher-suite/rc4-md5.conf b/domains/cipher-suite/rc4-md5.conf deleted file mode 100644 index 0149104a..00000000 --- a/domains/cipher-suite/rc4-md5.conf +++ /dev/null @@ -1,19 +0,0 @@ ---- ---- -server { - listen 80; - server_name rc4-md5.{{ site.domain }}; - - return 301 https://$server_name$request_uri; -} - -server { - listen 443; - server_name rc4-md5.{{ site.domain }}; - - include {{ site.serving-path }}/nginx-includes/wildcard-normal.conf; - include {{ site.serving-path }}/nginx-includes/tls-rc4-md5.conf; - include {{ site.serving-path }}/common/common.conf; - - root {{ site.serving-path }}/domains/cipher-suite/rc4-md5; -} diff --git a/domains/cipher-suite/rc4-md5/index.html b/domains/cipher-suite/rc4-md5/index.html deleted file mode 100644 index 9ce7aa93..00000000 --- a/domains/cipher-suite/rc4-md5/index.html +++ /dev/null @@ -1,12 +0,0 @@ ---- -subdomain: rc4-md5 -layout: page -favicon: gray -background: gray ---- - -
-

- {{ page.subdomain }}.
{{ site.domain }} -

-
diff --git a/domains/cipher-suite/rc4.conf b/domains/cipher-suite/rc4.conf deleted file mode 100644 index 180ab6be..00000000 --- a/domains/cipher-suite/rc4.conf +++ /dev/null @@ -1,19 +0,0 @@ ---- ---- -server { - listen 80; - server_name rc4.{{ site.domain }}; - - return 301 https://$server_name$request_uri; -} - -server { - listen 443; - server_name rc4.{{ site.domain }}; - - include {{ site.serving-path }}/nginx-includes/wildcard-normal.conf; - include {{ site.serving-path }}/nginx-includes/tls-rc4.conf; - include {{ site.serving-path }}/common/common.conf; - - root {{ site.serving-path }}/domains/cipher-suite/rc4; -} diff --git a/domains/cipher-suite/rc4/index.html b/domains/cipher-suite/rc4/index.html deleted file mode 100644 index 261d083b..00000000 --- a/domains/cipher-suite/rc4/index.html +++ /dev/null @@ -1,12 +0,0 @@ ---- -subdomain: rc4 -layout: page -favicon: gray -background: gray ---- - -
-

- {{ page.subdomain }}.{{ site.domain }} -

-
diff --git a/domains/key-exchange/dh480.conf b/domains/key-exchange/dh480.conf deleted file mode 100644 index 4646fdfd..00000000 --- a/domains/key-exchange/dh480.conf +++ /dev/null @@ -1,19 +0,0 @@ ---- ---- -server { - listen 80; - server_name dh480.{{ site.domain }}; - - return 301 https://$server_name$request_uri; -} - -server { - listen 443; - server_name dh480.{{ site.domain }}; - - include {{ site.serving-path }}/nginx-includes/wildcard-normal.conf; - include {{ site.serving-path }}/nginx-includes/tls-dh480.conf; - include {{ site.serving-path }}/common/common.conf; - - root {{ site.serving-path }}/domains/key-exchange/dh480; -} diff --git a/domains/key-exchange/dh480/index.html b/domains/key-exchange/dh480/index.html deleted file mode 100644 index 3aacfcab..00000000 --- a/domains/key-exchange/dh480/index.html +++ /dev/null @@ -1,16 +0,0 @@ ---- -subdomain: dh480 -layout: page -favicon: red -background: red ---- - -
-

- {{ page.subdomain }}.{{ site.domain }} -

-
- - diff --git a/domains/key-exchange/dh512.conf b/domains/key-exchange/dh512.conf deleted file mode 100644 index 2d7e40db..00000000 --- a/domains/key-exchange/dh512.conf +++ /dev/null @@ -1,19 +0,0 @@ ---- ---- -server { - listen 80; - server_name dh512.{{ site.domain }}; - - return 301 https://$server_name$request_uri; -} - -server { - listen 443; - server_name dh512.{{ site.domain }}; - - include {{ site.serving-path }}/nginx-includes/wildcard-normal.conf; - include {{ site.serving-path }}/nginx-includes/tls-dh512.conf; - include {{ site.serving-path }}/common/common.conf; - - root {{ site.serving-path }}/domains/key-exchange/dh512; -} diff --git a/domains/key-exchange/dh512/index.html b/domains/key-exchange/dh512/index.html deleted file mode 100644 index 76c8b07d..00000000 --- a/domains/key-exchange/dh512/index.html +++ /dev/null @@ -1,16 +0,0 @@ ---- -subdomain: dh512 -layout: page -favicon: red -background: red ---- - -
-

- {{ page.subdomain }}.{{ site.domain }} -

-
- - diff --git a/nginx-includes/tls-3des.conf b/nginx-includes/tls-3des.conf deleted file mode 100644 index e00cf840..00000000 --- a/nginx-includes/tls-3des.conf +++ /dev/null @@ -1,9 +0,0 @@ ---- ---- - -ssl_session_timeout 5m; - -ssl_protocols TLSv1.1 TLSv1.2; -ssl_ciphers '3DES:!aNULL:!eNULL:!EXPORT:!DES:!CBC:!RC4:!MD5:!PSK'; -ssl_prefer_server_ciphers on; - diff --git a/nginx-includes/tls-defaults.conf b/nginx-includes/tls-defaults.conf index 609c8e65..49f183f4 100644 --- a/nginx-includes/tls-defaults.conf +++ b/nginx-includes/tls-defaults.conf 
@@ -6,5 +6,5 @@ ssl_session_timeout 5m; # Based on https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1f&hsts=yes&profile=old ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; -ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; +ssl_ciphers @SECLEVEL=0:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA; ssl_prefer_server_ciphers on; diff --git a/nginx-includes/tls-dh-composite.conf b/nginx-includes/tls-dh-composite.conf index 03172ce6..13891640 100644 --- a/nginx-includes/tls-dh-composite.conf +++ b/nginx-includes/tls-dh-composite.conf 
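Review bot: The new `ssl_ciphers @SECLEVEL=0:…;` line in tls-defaults.conf is the only one of the four `@SECLEVEL=0` additions in this commit (tls-defaults, tls-dh-composite, tls-dh1024, tls-mozilla-old) written without the single quotes the other three keep, and the `# Based on https://mozilla.github.io/…profile=old` comment two lines above now describes a list that was replaced outright (the new one adds the CHACHA20-POLY1305 suites and drops the trailing `!aNULL:…` exclusions), so that comment is stale. Quote the value as `ssl_ciphers '@SECLEVEL=0:…';` for consistency and either update or drop the Based-on line. None of the four hunks records why `@SECLEVEL=0` is needed; presumably it is what keeps the deliberately weak suites and protocols (DES-CBC3-SHA, SSLv3) negotiable on the OpenSSL 3 that ships with the Ubuntu 24.04 base image introduced in the Dockerfile hunk, and a one-line comment saying so above each occurrence, e.g. `# @SECLEVEL=0 is intentional: this host exists to offer weak TLS options`, would stop a future cleanup from silently breaking the test hosts.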
@@ -5,5 +5,5 @@ ssl_dhparam {{ site.dhparam-path }}/dh-composite.pem; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2; -ssl_ciphers 'DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; +ssl_ciphers '@SECLEVEL=0:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; ssl_prefer_server_ciphers on; diff --git a/nginx-includes/tls-dh1024.conf b/nginx-includes/tls-dh1024.conf index a91e580c..4ed83667 100644 --- a/nginx-includes/tls-dh1024.conf +++ b/nginx-includes/tls-dh1024.conf @@ -5,5 +5,5 @@ ssl_dhparam {{ site.dhparam-path }}/dh1024.pem; ssl_session_timeout 5m; ssl_protocols TLSv1.1 TLSv1.2; -ssl_ciphers 'DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; +ssl_ciphers '@SECLEVEL=0:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; ssl_prefer_server_ciphers on; diff --git a/nginx-includes/tls-dh480.conf b/nginx-includes/tls-dh480.conf deleted file mode 100644 index c53fa1ee..00000000 --- a/nginx-includes/tls-dh480.conf +++ /dev/null 
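Review bot: In the tls-dh-composite.conf hunk, prefixing `@SECLEVEL=0` relaxes only the security-level check on the DH key size; whether the OpenSSL in the new base image still accepts a composite modulus from `ssl_dhparam {{ site.dhparam-path }}/dh-composite.pem` and completes a DHE handshake with it is not established by this change, and the same commit's deletion of the dh480 and dh512 hosts suggests that some of these parameter sets no longer load at all. It would be worth confirming in the 24.04 image that nginx starts and that a DHE suite is actually negotiated against dh-composite.pem and dh1024.pem (the tls-dh1024.conf hunk on this line makes the identical change), and noting the result in a comment next to the `ssl_dhparam` line, e.g. `# verified to load and negotiate on OpenSSL 3.x with @SECLEVEL=0`.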
@@ -1,9 +0,0 @@
----
----
-ssl_dhparam {{ site.dhparam-path }}/dh480.pem;
-
-ssl_session_timeout 5m;
-
-ssl_protocols TLSv1.1 TLSv1.2;
-ssl_ciphers 'DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
-ssl_prefer_server_ciphers on;
diff --git a/nginx-includes/tls-dh512.conf b/nginx-includes/tls-dh512.conf
deleted file mode 100644
index 27099bed..00000000
--- a/nginx-includes/tls-dh512.conf
+++ /dev/null
@@ -1,9 +0,0 @@
----
----
-ssl_dhparam {{ site.dhparam-path }}/dh512.pem;
-
-ssl_session_timeout 5m;
-
-ssl_protocols TLSv1.1 TLSv1.2;
-ssl_ciphers 'DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
-ssl_prefer_server_ciphers on;
diff --git a/nginx-includes/tls-mozilla-old.conf b/nginx-includes/tls-mozilla-old.conf
index f2da0158..54f563bb 100644
--- a/nginx-includes/tls-mozilla-old.conf
+++ b/nginx-includes/tls-mozilla-old.conf
@@ -6,5 +6,5 @@ ssl_session_timeout 5m; # Based on https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.9.5&openssl=1.0.1e&hsts=yes&profile=old ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; -ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP'; +ssl_ciphers '@SECLEVEL=0:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP'; ssl_prefer_server_ciphers on; 
diff --git a/nginx-includes/tls-rc4-md5.conf b/nginx-includes/tls-rc4-md5.conf
deleted file mode 100644
index 2cad6c36..00000000
--- a/nginx-includes/tls-rc4-md5.conf
+++ /dev/null
@@ -1,9 +0,0 @@
----
----
-
-ssl_session_timeout 5m;
-
-ssl_protocols TLSv1.1 TLSv1.2;
-ssl_ciphers 'RC4:!aNULL:!eNULL:!EXPORT:!DES:!CBC:!3DES:!SHA:MD5:!PSK';
-ssl_prefer_server_ciphers on;
-
diff --git a/nginx-includes/tls-rc4.conf b/nginx-includes/tls-rc4.conf
deleted file mode 100644
index 380ca0fa..00000000
--- a/nginx-includes/tls-rc4.conf
+++ /dev/null
@@ -1,9 +0,0 @@
----
----
-
-ssl_session_timeout 5m;
-
-ssl_protocols TLSv1.1 TLSv1.2;
-ssl_ciphers 'RC4:!aNULL:!eNULL:!EXPORT:!DES:!CBC:!3DES:!MD5:!PSK';
-ssl_prefer_server_ciphers on;
-