Retire support for keybase.io gpg version 2.x doesn't appear to work well with it, but beyond that there's the really concerning issue that the site asks users to upload their *private keys*. Even if the private keys are client side passphrase encrypted this gives that site a full time opportunity to crack private keys. Even if they don't so that, a leak happens and suddenly letter agencies have your private key. Not a good way to go.

src/freedombone-app-dokuwiki

         echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-        nginx_keybase $DOKUWIKI_DOMAIN_NAME
-        echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
         echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
-    nginx_keybase $DOKUWIKI_DOMAIN_NAME
     echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME
     echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$DOKUWIKI_DOMAIN_NAME

src/freedombone-app-etherpad

         echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
         echo '    proxy_buffering   off;' >> $etherpad_nginx_site
         echo '  }' >> $etherpad_nginx_site
-        echo '' >> $etherpad_nginx_site
-        nginx_keybase $ETHERPAD_DOMAIN_NAME
         echo '}' >> $etherpad_nginx_site
     else
         echo -n '' > $etherpad_nginx_site
     echo '    proxy_set_header  Host $host;' >> $etherpad_nginx_site
     echo '    proxy_buffering   off;' >> $etherpad_nginx_site
     echo '  }' >> $etherpad_nginx_site
-    echo '' >> $etherpad_nginx_site
-    nginx_keybase $ETHERPAD_DOMAIN_NAME
     echo '}' >> $etherpad_nginx_site
 
     function_check create_site_certificate

src/freedombone-app-friendica

         echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        nginx_keybase ${FRIENDICA_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '    }' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
-        nginx_keybase ${FRIENDICA_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME
         echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$FRIENDICA_DOMAIN_NAME

src/freedombone-app-ghost

         echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
         echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
         echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-        nginx_keybase $GHOST_DOMAIN_NAME
         echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
     else
     echo '        log_not_found off;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
     echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
     echo '    }' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
-    nginx_keybase ${GHOST_DOMAIN_NAME}
     echo '}' >> /etc/nginx/sites-available/${GHOST_DOMAIN_NAME}
 
     function_check create_site_certificate

src/freedombone-app-gnusocial

         echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
         echo '    deny all;' >> $gnusocial_nginx_site
         echo '  }' >> $gnusocial_nginx_site
-        echo '' >> $gnusocial_nginx_site
-        # DO NOT ENABLE KEYBASE. gnusocial really doesn't like having a .well-known directory
         echo '}' >> $gnusocial_nginx_site
     else
         echo -n '' > $gnusocial_nginx_site
     echo '  location ~ /\.(ht|git) {' >> $gnusocial_nginx_site
     echo '    deny all;' >> $gnusocial_nginx_site
     echo '  }' >> $gnusocial_nginx_site
-    echo '' >> $gnusocial_nginx_site
-    # DO NOT ENABLE KEYBASE. gnusocial really doesn't like having a .well-known directory
     echo '}' >> $gnusocial_nginx_site
 
     function_check configure_php

src/freedombone-app-gogs

         echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
         echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
         echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-        nginx_keybase ${GIT_DOMAIN_NAME}
         echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
     else
     echo '        log_not_found off;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
     echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
     echo '    }' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
-    nginx_keybase ${GIT_DOMAIN_NAME}
     echo '}' >> /etc/nginx/sites-available/${GIT_DOMAIN_NAME}
 
     function_check configure_php

src/freedombone-app-htmly

     echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    nginx_keybase ${HTMLY_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
-    nginx_keybase ${HTMLY_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME
     echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HTMLY_DOMAIN_NAME

src/freedombone-app-hubzilla

         echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        nginx_keybase ${HUBZILLA_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '        rewrite ^/(.*) /index.php?q=$uri&$args last;' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    }' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
-        nginx_keybase ${HUBZILLA_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    # statically serve these file types when possible' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    # otherwise fall back to front controller' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME
         echo '    # allow browser to cache them' >> /etc/nginx/sites-available/$HUBZILLA_DOMAIN_NAME

src/freedombone-app-kanboard

         echo '  location ~ /\.(ht|git) {' >> $kanboard_nginx_site
         echo '    deny all;' >> $kanboard_nginx_site
         echo '  }' >> $kanboard_nginx_site
-        echo '' >> $kanboard_nginx_site
-        # DO NOT ENABLE KEYBASE. kanboard really doesn't like having a .well-known directory
         echo '}' >> $kanboard_nginx_site
     else
         echo -n '' > $kanboard_nginx_site
     echo '  location ~ /\.(ht|git) {' >> $kanboard_nginx_site
     echo '    deny all;' >> $kanboard_nginx_site
     echo '  }' >> $kanboard_nginx_site
-    echo '' >> $kanboard_nginx_site
-    # DO NOT ENABLE KEYBASE. kanboard really doesn't like having a .well-known directory
     echo '}' >> $kanboard_nginx_site
 
     function_check configure_php

src/freedombone-app-lychee

     nginx_limits $LYCHEE_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    nginx_keybase ${LYCHEE_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '    # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     nginx_limits $LYCHEE_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
-    nginx_keybase ${LYCHEE_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '    # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
     echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME

src/freedombone-app-mailpile

         echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
         echo '    proxy_redirect off;' >> $mailpile_nginx_site
         echo '  }' >> $mailpile_nginx_site
-        echo '' >> $mailpile_nginx_site
-        nginx_keybase ${MAILPILE_DOMAIN_NAME}
         echo '}' >> $mailpile_nginx_site
         echo '' >> $mailpile_nginx_site
     else
     echo "    proxy_pass http://localhost:${MAILPILE_PORT};" >> $mailpile_nginx_site
     echo '    proxy_redirect off;' >> $mailpile_nginx_site
     echo '  }' >> $mailpile_nginx_site
-    echo '' >> $mailpile_nginx_site
-    nginx_keybase ${MAILPILE_DOMAIN_NAME}
     echo '}' >> $mailpile_nginx_site
 
     function_check create_site_certificate

src/freedombone-app-mediagoblin

         nginx_disable_sniffing $MEDIAGOBLIN_DOMAIN_NAME
         function_check nginx_limits
         nginx_limits $MEDIAGOBLIN_DOMAIN_NAME 800m
-        nginx_keybase $MEDIAGOBLIN_DOMAIN_NAME
         echo '' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
         echo '    client_header_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME
         echo '    client_body_timeout 10m;' >> /etc/nginx/sites-available/$MEDIAGOBLIN_DOMAIN_NAME

src/freedombone-app-nextcloud

         echo '  }' >> $nextcloud_nginx_site
         echo '' >> $nextcloud_nginx_site
         echo '  location /.well-known/acme-challenge { }' >> $nextcloud_nginx_site
-        echo '' >> $nextcloud_nginx_site
-
-        # DO NOT ENABLE KEYBASE. nextcloud really doesn't like having a .well-known directory
         echo '}' >> $nextcloud_nginx_site
     else
         echo -n '' > $nextcloud_nginx_site

src/freedombone-app-pelican

     nginx_limits $PELICAN_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    nginx_keybase ${PELICAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
     echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
     echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
     echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
     nginx_limits $PELICAN_DOMAIN_NAME
     echo '    }' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
     echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
-    nginx_keybase ${PELICAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
     echo '    # block these file types' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
     echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME
     echo '        deny all;' >> /etc/nginx/sites-available/$PELICAN_DOMAIN_NAME

src/freedombone-app-postactiv

         echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
         echo '    deny all;' >> $postactiv_nginx_site
         echo '  }' >> $postactiv_nginx_site
-        echo '' >> $postactiv_nginx_site
-        # DO NOT ENABLE KEYBASE. postactiv really doesn't like having a .well-known directory
         echo '}' >> $postactiv_nginx_site
     else
         echo -n '' > $postactiv_nginx_site
     echo '  location ~ /\.(ht|git) {' >> $postactiv_nginx_site
     echo '    deny all;' >> $postactiv_nginx_site
     echo '  }' >> $postactiv_nginx_site
-    echo '' >> $postactiv_nginx_site
-    # DO NOT ENABLE KEYBASE. postactiv really doesn't like having a .well-known directory
     echo '}' >> $postactiv_nginx_site
 
     function_check configure_php

src/freedombone-app-riot

         function_check nginx_limits
         nginx_limits $RIOT_DOMAIN_NAME '15m'
         echo '  }' >> $riot_nginx_site
-        echo '' >> $riot_nginx_site
-        nginx_keybase ${RIOT_DOMAIN_NAME}
         echo '}' >> $riot_nginx_site
         echo '' >> $riot_nginx_site
     else
     function_check nginx_limits
     nginx_limits $RIOT_DOMAIN_NAME '15m'
     echo '  }' >> $riot_nginx_site
-    echo '' >> $riot_nginx_site
-    nginx_keybase ${RIOT_DOMAIN_NAME}
     echo '}' >> $riot_nginx_site
 
     sed '/Content-Security-Policy/d' $riot_nginx_site

src/freedombone-app-wekan

         echo '        log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
         echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
         echo '    }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-        nginx_keybase ${WEKAN_DOMAIN_NAME}
         echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
         echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
     else
     echo '        log_not_found off;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
     echo '        access_log /dev/null;' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
     echo '    }' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    echo '' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
-    nginx_keybase ${WEKAN_DOMAIN_NAME}
     echo '}' >> /etc/nginx/sites-available/${WEKAN_DOMAIN_NAME}
 
     function_check nginx_ensite

src/freedombone-utils-web

     #nginx_stapling $1
 }
 
-function nginx_keybase {
-    # creates files suitable for keybase.io verification
-    domain_name=$1
-    filename=/etc/nginx/sites-available/$domain_name
-
-    echo '' >> $filename
-    echo "  # make sure webfinger and other well known services aren't blocked" >> $filename
-    echo '  # by denying dot files and rewrite request to the front controller' >> $filename
-    echo '  location ^~ /.well-known/ {' >> $filename
-    echo '      allow all;' >> $filename
-    echo '  }' >> $filename
-
-    if [ ! -d /var/www/${domain_name}/htdocs/.well-known ]; then
-        mkdir -p /var/www/${domain_name}/htdocs/.well-known
-    fi
-    if [ ! -f /var/www/${domain_name}/htdocs/keybase.txt ]; then
-        touch /var/www/${domain_name}/htdocs/keybase.txt
-    fi
-    if [ ! -f /var/www/${domain_name}/htdocs/.well-known/keybase.txt ]; then
-        touch /var/www/${domain_name}/htdocs/.well-known/keybase.txt
-    fi
-}
-
 # check an individual domain name
 function test_domain_name {
     if [ $1 ]; then