--- /dev/null
+#! /bin/sh
+
+set -e
+
+sudo -ucacert rsync -rtl --safe-links --delete-after \
+ rsync://www.distorted.org.uk/ca/cert/ \
+ /var/cache/ca-certs/
+if [ -d /etc/ca/refresh.d ]; then
+ mkdir -p -m755 /var/log/update-ca-certs
+ hush -d/var/log/update-ca-certs -n15 refresh \
+ run-parts --report /etc/ca/refresh.d
+fi