diff --git a/CERTIFICATES.md b/CERTIFICATES.md
index 69d6c18..0e0a867 100644
--- a/CERTIFICATES.md
+++ b/CERTIFICATES.md
@@ -61,7 +61,7 @@ Import a certificate by CommonName
 Running the function `$CertificateAvailable` with that name as parameter
 makes sure the certificate is available in the device's store:
 
-    $CertificateAvailable "ISRG Root X2";
+    $CertificateAvailable "ISRG Root X2" "fetch";
 
 If the certificate is actually available already nothing happens, and there
 is no output. Otherwise the certificate is downloaded and imported.
diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md
index 40f609b..787c11e 100644
--- a/INITIAL-COMMANDS.md
+++ b/INITIAL-COMMANDS.md
@@ -17,13 +17,16 @@ Initial commands
 Run the complete base installation:
 
     {
-      :local BaseUrl "https://git.eworm.de/cgit/routeros-scripts/plain/";
+      :local BaseUrl "https://rsc.eworm.de/main/";
       :local CertCommonName "ISRG Root X2";
       :local CertFileName "ISRG-Root-X2.pem";
       :local CertFingerprint "69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
 
-      :if (!(([ /certificate/settings/get ]->"builtin-trust-anchors") = "trusted" && \
-           [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={
+      :local CertSettings [ /certificate/settings/get ];
+      :if (!((($CertSettings->"builtin-trust-anchors") = "trusted" || \
+              ($CertSettings->"builtin-trust-store") ~ "fetch" || \
+              ($CertSettings->"builtin-trust-store") = "all") && \
+             [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={
         :put "Importing certificate...";
         /tool/fetch ($BaseUrl . "certs/" . $CertFileName) dst-path=$CertFileName as-value;
         :delay 1s;
diff --git a/Makefile b/Makefile
index 0265a51..3d428ba 100644
--- a/Makefile
+++ b/Makefile
@@ -2,38 +2,40 @@
 #  template scripts -> final scripts
 #  markdown files -> html files
 
-CAPSMAN = $(wildcard *.capsman.rsc)
-LOCAL = $(wildcard *.local.rsc)
-WIFI = $(wildcard *.wifi.rsc)
+ALL_RSC		:= $(wildcard *.rsc */*.rsc)
+GEN_RSC		:= $(wildcard *.capsman.rsc *.local.rsc *.wifi.rsc)
 
-MARKDOWN = $(wildcard *.md doc/*.md doc/mod/*.md)
-HTML = $(MARKDOWN:.md=.html)
+MARKDOWN	:= $(wildcard *.md doc/*.md doc/mod/*.md)
+HTML		:= $(MARKDOWN:.md=.html)
 
-all: $(CAPSMAN) $(LOCAL) $(WIFI) $(HTML) checksums.json
+DATE		?= $(shell date --rfc-email)
+VERSION		?= $(shell git symbolic-ref --short HEAD 2>/dev/null)/$(shell git rev-list --count HEAD 2>/dev/null)/$(shell git rev-parse --short=8 HEAD 2>/dev/null)
+export DATE VERSION
 
-%.html: %.md contrib/html.sh contrib/html.sh.d/head.html
+.PHONY: all checksums docs rsc clean
+
+all: checksums docs rsc
+
+checksums: checksums.json
+
+checksums.json: contrib/checksums.sh $(ALL_RSC)
+	contrib/checksums.sh > $@
+
+docs: $(HTML)
+
+%.html: %.md general/style.css contrib/html.sh contrib/html.sh.d/head.html
 	contrib/html.sh $< > $@
 
-%.capsman.rsc: %.template.rsc Makefile
-	sed -e '/\/interface\/wifi\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.capsman|' \
-		-e '/^# NOT \/caps-man\/ #$$/,/^# NOT \/caps-man\/ #$$/d' \
-		-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
-		< $< > $@
+rsc: $(GEN_RSC)
 
-%.local.rsc: %.template.rsc Makefile
-	sed -e '/\/caps-man\//d' -e '/\/interface\/wifi\//d' -e 's|%TEMPL%|.local|' \
-		-e '/^# NOT \/interface\/wireless\/ #$$/,/^# NOT \/interface\/wireless\/ #$$/d' \
-		-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
-		< $< > $@
+%.capsman.rsc: %.template.rsc contrib/template-capsman.sh
+	contrib/template-capsman.sh $< > $@
 
-%.wifi.rsc: %.template.rsc Makefile
-	sed -e '/\/caps-man\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.wifi|' \
-		-e '/^# NOT \/interface\/wifi\/ #$$/,/^# NOT \/interface\/wifi\/ #$$/d' \
-		-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
-		< $< > $@
+%.local.rsc: %.template.rsc contrib/template-local.sh
+	contrib/template-local.sh $< > $@
 
-checksums.json: contrib/checksums.sh *.rsc */*.rsc
-	contrib/checksums.sh
+%.wifi.rsc: %.template.rsc contrib/template-wifi.sh
+	contrib/template-wifi.sh $< > $@
 
 clean:
 	rm -f $(HTML) checksums.json
diff --git a/README.md b/README.md
index b0d26bd..af9ef65 100644
--- a/README.md
+++ b/README.md
@@ -77,14 +77,17 @@ download the certificates.
 > 💡️ **Hint**: RouterOS 7.19 comes with a builtin certificate store. You
 > can skip the steps regarding certificate download and import and jump
 > to [installation of scripts](#installation-of-scripts) if you set the
-> trust for these builtin trust anchors:
-> `/certificate/settings/set builtin-trust-anchors=trusted;`
+> trust for these builtin trust anchors:  
+> `/certificate/settings/set builtin-trust-anchors=trusted;`  
+> With RouterOS 7.21 the functionality was changed. Set this at minimum,
+> but make sure not to drop other targets:  
+> `/certificate/settings/set builtin-trust-store=fetch;`
 
 If you intend to download the scripts from a
 different location (for example from github.com) install the corresponding
 certificate chain.
 
-    /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem";
+    /tool/fetch "https://rsc.eworm.de/main/certs/ISRG-Root-X2.pem" dst-path="isrg-root-x2.pem";
 
 ![screenshot: download certs](README.d/01-download-certs.avif)
 
@@ -122,7 +125,7 @@ date and time is set correctly!
 
 Now let's download the main scripts and add them in configuration on the fly.
 
-    :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ /system/script/add name=$Script owner=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . ".rsc") output=user as-value]->"data"); };
+    :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ /system/script/add name=$Script owner=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://rsc.eworm.de/main/" . $Script . ".rsc") output=user as-value]->"data"); };
 
 ![screenshot: import scripts](README.d/04-import-scripts.avif)
 
@@ -173,7 +176,7 @@ This last step is required when ever you make changes to your configuration.
 
 > ℹ️ **Info**: It is recommended to edit the configuration using the command
 > line interface. If using Winbox on Windows OS, the line endings may be
-> missing. To fix this run:
+> missing. To fix this run:  
 > `/system/script/set source=[ :tocrlf [ get global-config-overlay source ] ] global-config-overlay;`
 
 Updating scripts
@@ -401,14 +404,15 @@ immediately remove the link in question.
 Upstream
 --------
 
-[![upstream](README.d/upstream.png)](https://rsc.eworm.de/)
+[rsc.eworm.de](https://rsc.eworm.de/)
 
-URL:
-[GitHub.com](https://github.com/eworm-de/routeros-scripts#routeros-scripts)
+[![upstream](general/qr-code.png)](https://rsc.eworm.de/)
 
-Mirror:
-[eworm.de](https://git.eworm.de/cgit/routeros-scripts/about/)
-[GitLab.com](https://gitlab.com/eworm-de/routeros-scripts#routeros-scripts)
+### Code hosting
+
+* [eworm.de](https://git.eworm.de/cgit/routeros-scripts/about/)
+* [GitHub.com](https://github.com/eworm-de/routeros-scripts#routeros-scripts)
+* [GitLab.com](https://gitlab.com/eworm-de/routeros-scripts#routeros-scripts)
 
 ---
 [⬆️ Go back to top](#top)
diff --git a/check-certificates.rsc b/check-certificates.rsc
index c10e33b..3300bee 100644
--- a/check-certificates.rsc
+++ b/check-certificates.rsc
@@ -21,7 +21,7 @@
   :global CertWarnTime;
   :global Identity;
 
-  :global CertificateAvailable
+  :global CertificateAvailable;
   :global EscapeForRegEx;
   :global IfThenElse;
   :global LogPrint;
@@ -189,7 +189,7 @@
           fingerprint!=[ :tostr ($CertVal->"fingerprint") ] expires-after>$CertRenewTime ];
         :local CertNewVal [ /certificate/get $CertNew ];
 
-        :if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertNewVal->"issuer") ]->"CN") ] = false) do={
+        :if ([ $CertificateAvailable ([ $ParseKeyValueStore ($CertNewVal->"issuer") ]->"CN") "fetch" ] = false) do={
           $LogPrint warning $ScriptName ("The certificate chain is not available!");
         }
 
diff --git a/contrib/Makefile b/contrib/Makefile
new file mode 100644
index 0000000..56b8707
--- /dev/null
+++ b/contrib/Makefile
@@ -0,0 +1,12 @@
+# Makefile
+
+HTML	:= $(wildcard *.html)
+
+.PHONY: all docs
+
+all: docs
+
+docs: $(HTML)
+	sed -i -e '/href=/s|\.md|\.html|' \
+		-e '/blockquote/s|/\*! display \*/|display: none;|' \
+		 $(HTML)
diff --git a/contrib/checksums.sh b/contrib/checksums.sh
index b472b49..ab4e973 100755
--- a/contrib/checksums.sh
+++ b/contrib/checksums.sh
@@ -6,4 +6,4 @@ set -e
 
 md5sum $(find -name '*.rsc' | sort) | \
 	sed -e "s| \./||" -e 's|.rsc$||' | \
-	jq --raw-input --null-input '[ inputs | split (" ") | { (.[1]): (.[0]) }] | add' > 'checksums.json'
+	jq --raw-input --null-input '[ inputs | split (" ") | { (.[1]): (.[0]) }] | add'
diff --git a/contrib/html.sh b/contrib/html.sh
index bbd8ba8..dfdaf4a 100755
--- a/contrib/html.sh
+++ b/contrib/html.sh
@@ -2,8 +2,23 @@
 
 set -e
 
-sed "s|__TITLE__|$(head -n1 "${1}")|" < "${0}.d/head.html"
+RELTO="$(dirname "${1}")"
+
+sed \
+	-e "s|__TITLE__|$(head -n1 "${1}")|" \
+	-e "s|__STYLE__|$(realpath --relative-to="${RELTO}" general/style.css)|" \
+	-e "s|__LOGO__|$(realpath --relative-to="${RELTO}" logo.png)|" \
+	-e "s|__EWORM__|$(realpath --relative-to="${RELTO}" general/eworm-meadow.avif)|" \
+	-e "s|__QR_CODE__|$(realpath --relative-to="${RELTO}" general/qr-code.png)|" \
+	< "${0}.d/head.html"
+
 markdown -f toc,idanchor "${1}" | sed \
-	-e 's/href="\([-_\./[:alnum:]]*\)\.md"/href="\1.html"/g' \
-	-e '/<h[1234] /s| id="\(.*\)">| id="\L\1">|'
-printf '</body></html>'
+	-e 's/href="\([-_\./[:alnum:]]*\)\.md\(#[-[:alnum:]]*\)\?"/href="\1.html\2"/g' \
+	-e '/<h[1234] /s| id="\(.*\)">| id="\L\1">|' \
+	-e '/<h[1234] /s|-2c-||g' -e '/<h[1234] /s|--26-amp-3b-||g' \
+	-e '/The above link may be broken on code hosting sites/s|blockquote|blockquote style="display: none;"|'
+
+sed \
+	-e "s|__DATE__|${DATE:-$(date --rfc-email)}|" \
+	-e "s|__VERSION__|${VERSION:-unknown}|" \
+	< "${0}.d/foot.html"
diff --git a/contrib/html.sh.d/foot.html b/contrib/html.sh.d/foot.html
new file mode 100644
index 0000000..106c2bd
--- /dev/null
+++ b/contrib/html.sh.d/foot.html
@@ -0,0 +1,4 @@
+
+<p class="foot">RouterOS Scripts documentation generated on <i>__DATE__</i> for <i>__VERSION__</i></p>
+
+</body></html>
diff --git a/contrib/html.sh.d/head.html b/contrib/html.sh.d/head.html
index 1b1dd03..da54157 100644
--- a/contrib/html.sh.d/head.html
+++ b/contrib/html.sh.d/head.html
@@ -1,15 +1,15 @@
 <!DOCTYPE html><html lang="en">
-<head><title>RouterOS Scripts :: __TITLE__</title>
-<meta http-equiv="content-type" content="text/html; charset=UTF-8">
-<style>
-  body { font-family: sans-serif; }
-  h2 { border-bottom: 1px solid #ccc; color: #000; }
-  a { text-decoration: none; }
-  a:hover { text-decoration: underline; }
-  blockquote { border-left: 4px solid #ccc; padding: 0 10px; color: #777; }
-  code { margin: 0 2px; padding: 2px 5px; border: 1px solid #ccc; background-color: #f8f8f8; border-radius: 3px; }
-  pre { background-color: #f8f8f8; border: 1px solid #ccc; overflow: auto; padding: 6px 10px; border-radius: 3px; }
-  pre code { margin: 0; padding: 0; border: 0; }
-</style>
-<link rel="icon" href="/logo.png" type="image/png">
+<head><meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<title>RouterOS Scripts :: __TITLE__</title>
+<link rel="stylesheet" type="text/css" href="__STYLE__">
+<link rel="icon" type="image/png" href="__LOGO__">
 </head><body>
+
+<table><tr>
+  <td><img src="__EWORM__" alt="eworm on meadow" /></td>
+  <td><img src="__QR_CODE__" alt="QR code: rsc.eworm.de" /></td>
+  <td class="head"><span class="top">RouterOS Scripts</span><br />
+    <span class="bottom">a collection of scripts for MikroTik RouterOS</span></td>
+</tr></table>
+<hr />
+
diff --git a/contrib/logo-color.d/style.css b/contrib/logo-color.d/style.css
deleted file mode 100644
index eb2ec6a..0000000
--- a/contrib/logo-color.d/style.css
+++ /dev/null
@@ -1,5 +0,0 @@
-body {
-  font-family: fira-sans, sans-serif;
-  font-size: 10pt;
-  background-color: transparent;
-}
diff --git a/contrib/logo-color.html b/contrib/logo-color.html
index 17942ce..5516964 100644
--- a/contrib/logo-color.html
+++ b/contrib/logo-color.html
@@ -1,14 +1,27 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>RouterOS-Scripts Logo Color Changer</title>
-<link rel="stylesheet" type="text/css" href="logo-color.d/style.css">
+<!DOCTYPE html><html lang="en">
+<head><meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<title>RouterOS Scripts :: Logo Color Changer</title>
+<link rel="stylesheet" type="text/css" href="../general/style.css">
+<link rel="icon" type="image/png" href="../logo.png">
 <script src="logo-color.d/script.js"></script>
-</head>
-<body>
+</head><body>
 
-<h1>RouterOS-Scripts Logo Color Changer</h1>
+<table><tr>
+  <td><img src="../general/eworm-meadow.avif" alt="eworm on meadow" /></td>
+  <td><img src="../general/qr-code.png" alt="QR code: rsc.eworm.de" /></td>
+  <td class="head"><span class="top">RouterOS Scripts</span><br />
+    <span class="bottom">a collection of scripts for MikroTik RouterOS</span></td>
+</tr></table>
+<hr />
+
+<h1>Logo Color Changer</h1>
+
+<p><a href="../README.md">⬅️ Go back to main README</a></p>
+
+<blockquote style="/*! display */"><p>💡️ <strong>Hint</strong>: This site or links
+on it may be broken on code hosting sites. Use
+<a href="https://rsc.eworm.de/main/contrib/logo-color.html">Logo Color Changer</a>
+instead.</p></blockquote>
 
 <p>You want the logo for your own notifications? But you joined the
 <a href="https://t.me/routeros_scripts">Telegram Group</a> and want
@@ -24,17 +37,20 @@ something that differentiates? Color it!</p>
 <p>Then right-click, click "<i>Take Screenshot</i>" and finally select the
 logo and download it.</p>
 
-<p><img src="logo-color.d/browser-01.avif" width=533 height=482 alt="Screenshot Browser 01">
-<img src="logo-color.d/browser-02.avif" width=533 height=482 alt="Screenshot Browser 02">
-<img src="logo-color.d/browser-03.avif" width=533 height=482 alt="Screenshot Browser 03"></p>
+<p><img src="logo-color.d/browser-01.avif" alt="Screenshot Browser 01"></p>
+<p><img src="logo-color.d/browser-02.avif" alt="Screenshot Browser 02"></p>
+<p><img src="logo-color.d/browser-03.avif" alt="Screenshot Browser 03"></p>
 
 <p>(This example is with
 <a href="https://www.mozilla.org/de/firefox/new/">Firefox</a>. The workflow
 for other browsers may differ.)</p>
 
 <p>See how to
-<a href="../../about/doc/mod/notification-telegram.md#set-a-profile-photo">Set
+<a href="../doc/mod/notification-telegram.md#set-a-profile-photo">Set
 a profile photo</a> for your Telegram bot.</p>
 
-</body>
-</html>
+<hr />
+
+<p><a href="../README.md">⬅️ Go back to main README</a><br/>
+<a href="#top">⬆️ Go back to top</a></p>
+</body></html>
diff --git a/contrib/notification.d/style.css b/contrib/notification.d/style.css
deleted file mode 100644
index 648ea23..0000000
--- a/contrib/notification.d/style.css
+++ /dev/null
@@ -1,36 +0,0 @@
-body {
-  font-family: fira-sans, sans-serif;
-  font-size: 10pt;
-  background-color: transparent;
-}
-div.notification {
-  position: relative;
-  float: right;
-  width: 600px;
-  border: 3px outset #6c5d53;
-  /* border-radius: 5px; */
-  padding: 10px;
-  background-color: #e6e6e6;
-}
-div.content {
-  padding-left: 60px;
-}
-img.logo {
-  float: left;
-  border-radius: 50%;
-}
-p.heading {
-  margin: 0px;
-  font-weight: bold;
-  text-decoration: underline;
-}
-p.hint {
-  display: none;
-}
-pre {
-  font-family: fira-mono, monospace;
-  white-space: pre-wrap;
-}
-span.link {
-  color: #863600;
-}
diff --git a/contrib/notification.html b/contrib/notification.html
index 7875036..902d328 100644
--- a/contrib/notification.html
+++ b/contrib/notification.html
@@ -1,14 +1,27 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<title>RouterOS-Scripts Notification Generator</title>
-<link rel="stylesheet" type="text/css" href="notification.d/style.css">
-<script src="notification.d/script.js"></script> 
-</head>
-<body>
+<!DOCTYPE html><html lang="en">
+<head><meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<title>RouterOS Scripts :: Notification Generator</title>
+<link rel="stylesheet" type="text/css" href="../general/style.css">
+<link rel="icon" type="image/png" href="../logo.png">
+<script src="notification.d/script.js"></script>
+</head><body>
 
-<h1>RouterOS-Scripts Notification Generator</h1>
+<table><tr>
+  <td><img src="../general/eworm-meadow.avif" alt="eworm on meadow" /></td>
+  <td><img src="../general/qr-code.png" alt="QR code: rsc.eworm.de" /></td>
+  <td class="head"><span class="top">RouterOS Scripts</span><br />
+    <span class="bottom">a collection of scripts for MikroTik RouterOS</span></td>
+</tr></table>
+<hr />
+
+<h1>Notification Generator</h1>
+
+<p><a href="../README.md">⬅️ Go back to main README</a></p>
+
+<blockquote style="/*! display */"><p>💡️ <strong>Hint</strong>: This site or links
+on it may be broken on code hosting sites. Use
+<a href="https://rsc.eworm.de/main/contrib/notification.html">Notification Generator</a>
+instead.</p></blockquote>
 
 <div class="notification">
   <img src="../logo.svg" alt="logo" class="logo" width=48 height=48>
@@ -16,8 +29,8 @@
   <p id="heading" class="heading">[<span id="hostname">MikroTik</span>] <span id="subject">ℹ️  Subject</span></p>
   <pre id="message">Message</pre>
   <p id="link" class="hint">🔗 <span id="link-text" class="link">https://eworm.de/</span></p>
-  <p id="queued" class="hint">⏰ This message was queued since <span id="queued-since">oct/18/2022 18:30:48</span> and may be obsolete.</p>
-  <p id="cut" class="hint">✂️ The message was too long and has been truncated, cut off <span id="cut-percent">13</span>%!</p>
+  <p id="queued" class="hint">⏰ This message was queued since <i><span id="queued-since">2025-10-29 16:06:18</span></i> and may be obsolete.</p>
+  <p id="cut" class="hint">✂️ The message was too long and has been truncated, cut off <i><span id="cut-percent">13</span>%</i>!</p>
   </div>
 </div>
 
@@ -25,11 +38,14 @@
 <p>Subject: <input type="text" size=50 value="ℹ️  Subject" onchange="update(this, 'subject')"></p>
 <p>Message: <textarea id="w3review" name="w3review" rows="4" cols="50" onchange="update(this, 'message')">Message</textarea></p>
 <p><input type="checkbox" onclick="visible(this, 'link')"> Show link: <input type="text" value="https://eworm.de/" onchange="update(this, 'link-text')"></p>
-<p><input type="checkbox" onclick="visible(this, 'queued')"> Queued since <input type="text" value="oct/18/2022 18:30:48" onchange="update(this, 'queued-since')"></p>
+<p><input type="checkbox" onclick="visible(this, 'queued')"> Queued since <input type="text" value="2025-10-29 16:06:18" onchange="update(this, 'queued-since')"></p>
 <p><input type="checkbox" onclick="visible(this, 'cut')"> Cut-off with <input type="number" min=1 max=99 value=13 onchange="update(this, 'cut-percent')"> percent</p>
 
 <p>Then right-click, click "<i>Take Screenshot</i>" and finally select the
 notification and download it.</p>
 
-</body>
-</html>
+<hr />
+
+<p><a href="../README.md">⬅️ Go back to main README</a><br/>
+<a href="#top">⬆️ Go back to top</a></p>
+</body></html>
diff --git a/contrib/template-capsman.sh b/contrib/template-capsman.sh
new file mode 100755
index 0000000..5771b53
--- /dev/null
+++ b/contrib/template-capsman.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+sed \
+	-e '/\/interface\/wifi\//d' \
+	-e '/\/interface\/wireless\//d' \
+	-e 's|%TEMPL%|.capsman|' \
+	-e '/^# NOT \/caps-man\/ #$/,/^# NOT \/caps-man\/ #$/d' \
+	-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
+	< "${1}"
diff --git a/contrib/template-local.sh b/contrib/template-local.sh
new file mode 100755
index 0000000..bc5b327
--- /dev/null
+++ b/contrib/template-local.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+sed \
+	-e '/\/caps-man\//d' \
+	-e '/\/interface\/wifi\//d' \
+	-e 's|%TEMPL%|.local|' \
+	-e '/^# NOT \/interface\/wireless\/ #$/,/^# NOT \/interface\/wireless\/ #$/d' \
+	-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
+	< "${1}"
diff --git a/contrib/template-wifi.sh b/contrib/template-wifi.sh
new file mode 100755
index 0000000..5e297d9
--- /dev/null
+++ b/contrib/template-wifi.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+set -e
+
+sed \
+	-e '/\/caps-man\//d' \
+	-e '/\/interface\/wireless\//d' \
+	-e 's|%TEMPL%|.wifi|' \
+	-e '/^# NOT \/interface\/wifi\/ #$/,/^# NOT \/interface\/wifi\/ #$/d' \
+	-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
+	< "${1}"
diff --git a/doc/mod/notification-matrix.md b/doc/mod/notification-matrix.md
index da6d6de..ad4cf4f 100644
--- a/doc/mod/notification-matrix.md
+++ b/doc/mod/notification-matrix.md
@@ -49,7 +49,7 @@ your server in device's certificate store.
 The example below is for `matrix.org`, which uses a trust chain from *Google
 Trust Services*. Run this to import the required certificate:
 
-    $CertificateAvailable "GTS Root R4";
+    $CertificateAvailable "GTS Root R4" "fetch";
 
 Replace the CA certificate name with what ever is needed for your server.
 You may want to find the
diff --git a/doc/mod/notification-telegram.md b/doc/mod/notification-telegram.md
index 804104f..f464ff0 100644
--- a/doc/mod/notification-telegram.md
+++ b/doc/mod/notification-telegram.md
@@ -106,10 +106,13 @@ chat with [BotFather ↗️](https://t.me/BotFather) and set it there.
 
 ![set profile photo](notification-telegram.d/setuserpic.avif)
 
-Have a look at my
-[RouterOS-Scripts Logo Color Changer](https://git.eworm.de/cgit/routeros-scripts/plain/contrib/logo-color.html)
+Have a look at my [Logo Color Changer](../../contrib/logo-color.html)
 to create a colored version of this scripts' logo.
 
+> 💡️ **Hint**: The above link may be broken on code hosting sites.
+> Use [Logo Color Changer](https://rsc.eworm.de/main/contrib/logo-color.html)
+> instead.
+
 See also
 --------
 
diff --git a/doc/mod/scriptrunonce.md b/doc/mod/scriptrunonce.md
index 955d12e..1fbb697 100644
--- a/doc/mod/scriptrunonce.md
+++ b/doc/mod/scriptrunonce.md
@@ -48,7 +48,7 @@ Usage and invocation
 The function `$ScriptRunOnce` expects an URL (or name if
 `ScriptRunOnceBaseUrl` is given) pointing to a script as parameter.
 
-    $ScriptRunOnce https://git.eworm.de/cgit/routeros-scripts/plain/doc/mod/scriptrunonce.d/hello-world.rsc;
+    $ScriptRunOnce https://rsc.eworm.de/main/doc/mod/scriptrunonce.d/hello-world.rsc;
 
 ![ScriptRunOnce](scriptrunonce.d/scriptrunonce.avif)
 
diff --git a/fw-addr-lists.d/allow b/fw-addr-lists.d/allow
index 8b59ed7..8c4ca3c 100644
--- a/fw-addr-lists.d/allow
+++ b/fw-addr-lists.d/allow
@@ -1,3 +1,3 @@
 # an ip address list for use with fw-addr-lists script
-# https://git.eworm.de/cgit/routeros-scripts/about/doc/fw-addr-lists.md
-git.eworm.de
+# https://rsc.eworm.de/doc/fw-addr-lists.md
+rsc.eworm.de
diff --git a/fw-addr-lists.d/block b/fw-addr-lists.d/block
index 5e9fef2..86a6c62 100644
--- a/fw-addr-lists.d/block
+++ b/fw-addr-lists.d/block
@@ -1,5 +1,5 @@
 # an ip address list for use with fw-addr-lists script
-# https://git.eworm.de/cgit/routeros-scripts/about/doc/fw-addr-lists.md
+# https://rsc.eworm.de/doc/fw-addr-lists.md
 
 # example.net
 93.184.216.34
diff --git a/fw-addr-lists.rsc b/fw-addr-lists.rsc
index c85cc8b..e5a71aa 100644
--- a/fw-addr-lists.rsc
+++ b/fw-addr-lists.rsc
@@ -74,7 +74,7 @@
 
       :if ([ :len ($List->"cert") ] > 0) do={
         :set CheckCertificate true;
-        :if ([ $CertificateAvailable ($List->"cert") ] = false) do={
+        :if ([ $CertificateAvailable ($List->"cert") "fetch" ] = false) do={
           $LogPrint warning $ScriptName ("Downloading required certificate (" . $FwListName . \
               " / " . $List->"url" . ") failed, trying anyway.");
         }
diff --git a/general/eworm-meadow.avif b/general/eworm-meadow.avif
new file mode 100644
index 0000000..f592d59
Binary files /dev/null and b/general/eworm-meadow.avif differ
diff --git a/README.d/upstream.png b/general/qr-code.png
similarity index 100%
rename from README.d/upstream.png
rename to general/qr-code.png
diff --git a/general/style.css b/general/style.css
new file mode 100644
index 0000000..ea9b111
--- /dev/null
+++ b/general/style.css
@@ -0,0 +1,95 @@
+/* stylesheet for RouterOS Scripts */
+body {
+  background-color: transparent;
+  font-family: fira-sans, sans-serif;
+  font-size: 10pt;
+  line-height: 1.6;
+}
+h2 {
+  border-bottom: 1px solid #ccc;
+  color: #000;
+}
+a {
+  text-decoration: none;
+}
+a:hover {
+  text-decoration: underline;
+}
+blockquote {
+  border-left: 4px solid #ccc;
+  padding: 0 10px;
+  color: #555;
+}
+code {
+  margin: 0 2px;
+  padding: 2px 5px;
+  border: 1px solid #ccc;
+  background-color: #f8f8f8;
+  border-radius: 3px;
+}
+div.notification {
+  position: relative;
+  float: none;
+  width: 600px;
+  border: 3px outset #6c5d53;
+  /* border-radius: 5px; */
+  padding: 10px;
+  background-color: #e6e6e6;
+}
+div.content {
+  padding-left: 60px;
+}
+img.logo {
+  float: left;
+  border-radius: 50%;
+}
+p.foot {
+  color: #777;
+  text-align: center;
+}
+p.heading {
+  margin: 0px;
+  font-weight: bold;
+  text-decoration: underline;
+}
+p.hint {
+  display: none;
+}
+pre {
+  font-family: fira-mono, monospace;
+  white-space: pre-wrap;
+  background-color: #f8f8f8;
+  border: 1px solid #ccc;
+  overflow: auto;
+  padding: 6px 10px;
+  border-radius: 3px;
+}
+pre code {
+  margin: 0;
+  padding: 0;
+  border: 0;
+}
+span.link {
+  color: #863600;
+}
+td.head {
+  line-height: 1.2;
+  padding: 0 2em;
+}
+td.head .top {
+  font-size: 250%;
+  font-weight: bold;
+}
+td.head .bottom {
+  font-size: 125%;
+  color: #555;
+}
+@media only screen and (orientation: landscape) {
+  body {
+    margin-left: 10vw;
+    margin-right: 10vw;
+  }
+  div.notification {
+    float: right;
+  }
+}
diff --git a/global-functions.rsc b/global-functions.rsc
index 5ede654..dccb8b6 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -106,11 +106,15 @@
 # check and download required certificate
 :set CertificateAvailable do={
   :local CommonName [ :tostr $1 ];
+  :local UseFor     [ :tostr $2 ];
 
   :global CertificateDownload;
+  :global EitherOr;
   :global LogPrint;
   :global ParseKeyValueStore;
 
+  :set UseFor [ $EitherOr $UseFor "undefined" ];
+
   :if ([ /system/resource/get free-hdd-space ] < 8388608 && \
        [ /certificate/settings/get crl-download ] = true && \
        [ /certificate/settings/get crl-store ] = "system") do={
@@ -123,7 +127,10 @@
     :return false;
   }
 
-  :if (([ /certificate/settings/get ]->"builtin-trust-anchors") = "trusted" && \
+  :local CertSettings [ /certificate/settings/get ];
+  :if ((($CertSettings->"builtin-trust-anchors") = "trusted" || \
+        ($CertSettings->"builtin-trust-store") ~ $UseFor || \
+        ($CertSettings->"builtin-trust-store") = "all") && \
        [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CommonName . "\" ] ]") ]] > 0) do={
     :return true;
   }
@@ -161,7 +168,6 @@
   :global ScriptUpdatesBaseUrl;
   :global ScriptUpdatesUrlSuffix;
 
-  :global CertificateAvailable;
   :global CertificateNameByCN;
   :global CleanName;
   :global FetchUserAgentStr;
@@ -398,7 +404,7 @@
     :return true;
   }
 
-  :if ([ $CertificateAvailable "ISRG Root X1" ] = false) do={
+  :if ([ $CertificateAvailable "ISRG Root X1" "fetch" ] = false) do={
     $LogPrint error $0 ("Downloading required certificate failed.");
     :return false;
   }
@@ -533,10 +539,16 @@
 :set FetchUserAgentStr do={
   :local Caller [ :tostr $1 ];
 
+  :global CommitId;
+  :global CommitInfo;
+
+  :global IfThenElse;
+
   :local Resource [ /system/resource/get ];
 
-  :return ("User-Agent: Mikrotik/" . $Resource->"version" . " " . \
-    $Resource->"architecture-name" . " " . $Caller . "/Fetch (https://rsc.eworm.de/)");
+  :return ("User-Agent: Mikrotik/" . $Resource->"version" . " " . $Resource->"architecture-name" . \
+    " " . $Caller . "/Fetch (https://rsc.eworm.de/" . [ $IfThenElse ($CommitId != "unknown") \
+    ("; " . $CommitInfo . "/" . [ :pick $CommitId 0 8 ]) ] . ")");
 }
 
 # check for existence of file, optionally with type
@@ -634,7 +646,7 @@
   }
 
   :do {
-    :if ([ $CertificateAvailable "GTS Root R4" ] = false) do={
+    :if ([ $CertificateAvailable "GTS Root R4" "fetch" ] = false) do={
       $LogPrint warning $0 ("Downloading required certificate failed.");
       :error false;
     }
@@ -1242,7 +1254,7 @@
   :global SymbolForNotification;
   :global ValidateSyntax;
 
-  :if ([ $CertificateAvailable "ISRG Root X2" ] = false) do={
+  :if ([ $CertificateAvailable "ISRG Root X2" "fetch" ] = false) do={
     $LogPrint warning $0 ("Downloading certificate failed, trying without.");
   }
 
@@ -1293,7 +1305,7 @@
       }
 
       :if ([ :len ($ScriptInfo->"certificate") ] > 0) do={
-        :if ([ $CertificateAvailable ($ScriptInfo->"certificate") ] = false) do={
+        :if ([ $CertificateAvailable ($ScriptInfo->"certificate") "fetch" ] = false) do={
           $LogPrint warning $0 ("Downloading certificate failed, trying without.");
         }
       }
@@ -1310,9 +1322,19 @@
         }
       } do={
         $LogPrint warning $0 ("Failed fetching script '" . $ScriptVal->"name" . "': " . $Err);
+        :if ($Err != "Fetch failed with status 404") do={
+          :error false;
+        }
+
         :if ($ScriptVal->"source" = "#!rsc by RouterOS\n") do={
           $LogPrint warning $0 ("Removing dummy. Typo on installation?");
           /system/script/remove $Script;
+          :error false;
+        }
+        :if ([ :len ($ScriptInfo->"base-url") ] = 0 && [ :len ($ScriptInfo->"url-suffix") ] = 0 && \
+             [ :len $CheckSum ] = 0) do={
+          $LogPrintOnce warning $0 \
+              ("Added the script manually? Skip updates with 'ignore=true' in comment.");
         }
         :error false;
       }
diff --git a/mod/notification-ntfy.rsc b/mod/notification-ntfy.rsc
index 7114020..dd10812 100644
--- a/mod/notification-ntfy.rsc
+++ b/mod/notification-ntfy.rsc
@@ -109,7 +109,7 @@
 
   :onerror Err {
     :if ($Server = "ntfy.sh") do={
-      :if ([ $CertificateAvailable "ISRG Root X1" ] = false) do={
+      :if ([ $CertificateAvailable "ISRG Root X1" "fetch" ] = false) do={
         $LogPrint warning $0 ("Downloading required certificate failed.");
         :error false;
       }
diff --git a/mod/notification-telegram.rsc b/mod/notification-telegram.rsc
index ff9b4da..b1996a3 100644
--- a/mod/notification-telegram.rsc
+++ b/mod/notification-telegram.rsc
@@ -30,7 +30,7 @@
     :return false;
   }
 
-  :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={
+  :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={
     $LogPrint warning $0 ("Downloading required certificate failed.");
     :return false;
   }
@@ -72,7 +72,7 @@
   :global CertificateAvailable;
   :global LogPrint;
 
-  :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={
+  :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={
     $LogPrint warning $0 ("Downloading required certificate failed.");
     :return false;
   }
@@ -197,7 +197,7 @@
       "&reply_to_message_id=" . ($Notification->"replyto") . "&message_thread_id=" . $ThreadId . \
       "&disable_web_page_preview=true&parse_mode=MarkdownV2");
   :onerror Err {
-    :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={
+    :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={
       $LogPrint warning $0 ("Downloading required certificate failed.");
       :error false;
     }
diff --git a/netwatch-dns.rsc b/netwatch-dns.rsc
index 9e2f9bc..eee5f85 100644
--- a/netwatch-dns.rsc
+++ b/netwatch-dns.rsc
@@ -112,7 +112,7 @@
 
   :foreach DohServer in=$DohServers do={
     :if ([ :len ($DohServer->"doh-cert") ] > 0) do={
-      :if ([ $CertificateAvailable ($DohServer->"doh-cert") ] = false) do={
+      :if ([ $CertificateAvailable ($DohServer->"doh-cert") "dns" ] = false) do={
         $LogPrint warning $ScriptName ("Downloading certificate failed, trying without.");
       }
     }
diff --git a/telegram-chat.rsc b/telegram-chat.rsc
index 7f7b7a7..54872fb 100644
--- a/telegram-chat.rsc
+++ b/telegram-chat.rsc
@@ -61,7 +61,7 @@
     :set TelegramRandomDelay 0;
   }
 
-  :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" ] = false) do={
+  :if ([ $CertificateAvailable "Go Daddy Root Certificate Authority - G2" "fetch" ] = false) do={
     $LogPrint warning $ScriptName ("Downloading required certificate failed.");
     :set ExitOK true;
     :error false;
diff --git a/update-tunnelbroker.rsc b/update-tunnelbroker.rsc
index 9057e1e..5372f4c 100644
--- a/update-tunnelbroker.rsc
+++ b/update-tunnelbroker.rsc
@@ -28,7 +28,7 @@
     :error false;
   }
 
-  :if ([ $CertificateAvailable "Starfield Root Certificate Authority - G2" ] = false) do={
+  :if ([ $CertificateAvailable "Starfield Root Certificate Authority - G2" "fetch" ] = false) do={
     $LogPrint error $ScriptName ("Downloading required certificate failed.");
     :set ExitOK true;
     :error false;