Due to the Heartbleed vulnerability I had to recreate all TLS-keys of my server. Since CACert appears to be mostly dead (or dying at least), I am currently on the lookout for a new CA. In the meantime I switched to self-signed certificates for all my services.
The new fingerprints are:
This is of course useless in the general case, but if you already trust my gpg-key, you can use
curl http://blog.merovius.de/2014/04/10/heartbleed-new-certificates.html | gpg
to get this post signed and verified.