Differences

This shows you the differences between two versions of the page.

--- openbsd:acme-client [2020/03/29 06:18]
net_wayfarer Fleshed out this page to contain examples on both successful and troubleshooting outcomes. Split the page into sections, and emphasised the need to set up httpd which is needed.
+++ openbsd:acme-client [2020/08/12 00:52] (current)
jrmu
@@ Line 12: / Line 12: @@
 <code>
 authority letsencrypt {
-        api url "https://acme-v01.api.letsencrypt.org/directory"
+        api url "https://acme-v02.api.letsencrypt.org/directory"
         account key "/etc/acme/letsencrypt-privkey.pem"
 }
@@ Line 46: / Line 46: @@
 $ doas acme-client -Fv example.com
 </code>
+==== Troubleshooting ====
+If you run into errors, check to make sure:
+  * [[openbsd:nsd|DNS]] is configured properly.
+  * The [[openbsd:www:openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work. (Don't be confused here if your web server seems not running in a web browser: the example config redirects all visits to the https port, that may not yet be working yet.)
+  * You have the proper permissions set on the folders in /var/www/. An example output would be,
+<code>
+$ ls -l /var | grep www
+drwxr-xr-x  11 root     daemon     512 Mar 28 05:28 www
+$ ls -l /var/www
+total 36
+drwxr-xr-x  2 root  daemon  512 Mar 28 22:16 acme
+drwxr-xr-x  2 root  daemon  512 Mar 14 06:12 bin
+drwx-----T  2 www   daemon  512 Oct 12 12:34 cache
+drwxr-xr-x  2 root  daemon  512 Mar 14 06:12 cgi-bin
+drwxr-xr-x  2 root  daemon  512 Mar 14 06:03 conf
+drwxr-xr-x  3 root  daemon  512 Oct 12 12:34 htdocs
+drwxr-xr-x  2 root  daemon  512 Mar 29 00:00 logs
+drwxr-xr-x  2 root  daemon  512 Oct 12 12:34 run
+</code>
+  * Your firewall is not configured to block Let's Encrypt certification verification process. Typically it will initiate a few servers to connect to port 80 on your server.
 ==== Successful outcomes ====
@@ Line 90: / Line 112: @@
 </code>
-==== Troubleshooting ====
+==== Common errors ====
-If you run into errors, check to make sure:
+Do not request domains you don't own
+If you change the domains, you need to move the cert and request again
-  * [[openbsd:nsd|DNS]] is configured properly. You may be able to rectify this by simply adding hostnames to your /etc/hosts, such as:
-<code>
-::1		localhost
-.0.0.1	localhost
-$ext_if		$qualified_domain_name
-</code>
-Where $ext_if is the IP address of your server, and $qualified_domain_name is your qualified hostname. e.g. if $ext_if is 192.168.0.1 $qualified_domain_name is example.com, it would then be
-<code>
-::1		localhost
-.0.0.1	localhost
-.168.0.1	example.com
-</code>
-  * The [[openbsd:www:openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work.
-  * You have the proper permissions set on the folders in /var/www/. An example output would be,
-<code>
-$ ls -l /var | grep www
-drwxr-xr-x  11 root     daemon     512 Mar 28 05:28 www
-$ ls -l /var/www
-total 36
-drwxr-xr-x  2 root  daemon  512 Mar 28 22:16 acme
-drwxr-xr-x  2 root  daemon  512 Mar 14 06:12 bin
-drwx-----T  2 www   daemon  512 Oct 12 12:34 cache
-drwxr-xr-x  2 root  daemon  512 Mar 14 06:12 cgi-bin
-drwxr-xr-x  2 root  daemon  512 Mar 14 06:03 conf
-drwxr-xr-x  3 root  daemon  512 Oct 12 12:34 htdocs
-drwxr-x---  2 root  www     512 Mar 28 05:28 letsencrypt
-drwxr-xr-x  2 root  daemon  512 Mar 29 00:00 logs
-drwxr-xr-x  2 root  daemon  512 Oct 12 12:34 run
-</code>
-  * Your firewall is not configured to block Let's Encrypt certification verification process. Typically it will initiate a few servers to connect to port 80 on your server.

IRCNow

Page Tools

Site Tools

User Tools

Differences