redirect to base URL without args from twitter, storing status messages in tempfile
make cert login a separate subdirectory, as cacert.org does