diff --git a/dnssec-trigger-0.17-openssl-3.2.patch b/dnssec-trigger-0.17-openssl-3.2.patch
deleted file mode 100644
index d1b9474..0000000
--- a/dnssec-trigger-0.17-openssl-3.2.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 7c3ff5b59952bc6bf11f988c9dbd961ae3c626ea Mon Sep 17 00:00:00 2001
-From: Petr Mensik <pemensik@redhat.com>
-Date: Tue, 10 Sep 2024 16:22:07 +0200
-Subject: [PATCH] Mark explicitly server cert with CA flag
-
-Since OpenSSL 3.2 it did not connect from control to server cert. Create
-server with indication is it CA.
-
-Also use clientAuth trust for CA cert. That allows control cert to be
-used for client authentication.
----
- dnssec-trigger-control-setup.sh.in | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/dnssec-trigger-control-setup.sh.in b/dnssec-trigger-control-setup.sh.in
-index 7cc305a..eede665 100644
---- a/dnssec-trigger-control-setup.sh.in
-+++ b/dnssec-trigger-control-setup.sh.in
-@@ -200,9 +200,9 @@ EOF
- test -f request.cfg || error "could not create request.cfg"
- 
- echo "create $SVR_BASE.pem (self signed certificate)"
--openssl req -key $SVR_BASE.key -config request.cfg  -new -x509 -days $DAYS -out $SVR_BASE.pem || error "could not create $SVR_BASE.pem"
--# create trusted usage pem
--openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem"
-+openssl req -key $SVR_BASE.key -config request.cfg  -new -x509 -days $DAYS -addext "basicConstraints=critical,CA:TRUE,pathlen:0" -out $SVR_BASE.pem || error "could not create $SVR_BASE.pem"
-+# create trusted usage pem for CA, what are signed certs allowed to do?
-+openssl x509 -in "$SVR_BASE.pem" -addtrust clientAuth -out "${SVR_BASE}_trust.pem"
- 
- # create client request and sign it, piped
- cat >request.cfg <<EOF
--- 
-2.46.0
-
diff --git a/dnssec-trigger-0.17-server-recipe.patch b/dnssec-trigger-0.17-server-recipe.patch
deleted file mode 100644
index a3f70d8..0000000
--- a/dnssec-trigger-0.17-server-recipe.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From f6b4cd17294d8faa8fd4d70110ac9da9916e7d61 Mon Sep 17 00:00:00 2001
-From: Petr Mensik <pemensik@redhat.com>
-Date: Wed, 20 Nov 2024 16:58:48 +0100
-Subject: [PATCH] Add recipe for adding own server
-
-Until someone adds nice support for using just CA bundle and server
-name, allow specification by fingerprint obtained manually. Do not rely
-only on server provided by upstream.
----
- dnssec.conf     | 4 ++--
- example.conf.in | 6 +++++-
- 2 files changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/dnssec.conf b/dnssec.conf
-index bf896d3..4726ca1 100644
---- a/dnssec.conf
-+++ b/dnssec.conf
-@@ -38,7 +38,7 @@
- #
- #  - See also security notes on the `add_wifi_provided_zones` option.
- #
--# validate_connection_provided_zones=yes
-+# validate_connection_provided_zones=no
- #
- #  - Connection provided zones will be configured in Unbound as secure forward
- #    zones, validated using DNSSEC.
-@@ -63,7 +63,7 @@
- #    Turning this option off has security implications, See the security
- #    notice above.
- #
--validate_connection_provided_zones=yes
-+validate_connection_provided_zones=no
- 
- # add_wifi_provided_zones:
- # ------------------------
-diff --git a/example.conf.in b/example.conf.in
-index dafd35d..f7e8a54 100644
---- a/example.conf.in
-+++ b/example.conf.in
-@@ -79,6 +79,11 @@ tcp80: 2a04:b900::10:0:0:67
- ssl443: 185.49.140.67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
- ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:66:0F:10:58:DC:A8:2E:C0:43:D4:77:5A:71:8A:CF
- 
-+# How to add your own record:
-+# openssl s_client -connect example.com:443 -showcerts </dev/null > /tmp/dns.crt
-+# openssl x509 -noout -in /tmp/dns.crt -fingerprint -sha256
-+# Append returned sha256 Fingerprint after ssl443: IP-address section.
-+
- # Use VPN servers for all traffic
- # use-vpn-forwarders: no
- 
-@@ -87,4 +92,3 @@ ssl443: 2a04:b900::10:0:0:67 7E:CF:B4:BE:B9:9A:56:0D:F7:3B:40:51:A4:78:E6:A6:FD:
- 
- # Add domains provided by VPN connections into Unbound forward zones
- # add-wifi-provided-zones: no
--
--- 
-2.47.0
-
diff --git a/dnssec-trigger.spec b/dnssec-trigger.spec
index 9928104..422708c 100644
--- a/dnssec-trigger.spec
+++ b/dnssec-trigger.spec
@@ -33,9 +33,6 @@ Patch4: 0004-Add-options-edns0-and-trust-ad.patch
 Patch5: dnssec-trigger-configure-c99.patch
 # https://github.com/NLnetLabs/dnssec-trigger/commit/f187c2be221a26f3c4ef4d9b16f1df67104ae634
 Patch6: dnssec-trigger-0.17-allowed-characters.patch
-Patch7: dnssec-trigger-0.17-openssl-3.2.patch
-# https://github.com/NLnetLabs/dnssec-trigger/pull/15
-Patch8: dnssec-trigger-0.17-server-recipe.patch
 
 # to obsolete the version in which the panel was in main package
 Obsoletes: %{name} < 0.12-22