This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
openbsd:acme-client [2020/03/29 10:16] net_wayfarer /etc/hosts is not needed here as DNS registrars don't look at individual hosts' /etc/hosts file |
openbsd:acme-client [2020/08/12 00:52] (current) jrmu |
||
|---|---|---|---|
| Line 12: | Line 12: | ||
| <code> | <code> | ||
| authority letsencrypt { | authority letsencrypt { | ||
| - | api url "https://acme-v01.api.letsencrypt.org/directory" | + | api url "https://acme-v02.api.letsencrypt.org/directory" |
| account key "/etc/acme/letsencrypt-privkey.pem" | account key "/etc/acme/letsencrypt-privkey.pem" | ||
| } | } | ||
| Line 46: | Line 46: | ||
| $ doas acme-client -Fv example.com | $ doas acme-client -Fv example.com | ||
| </code> | </code> | ||
| + | |||
| + | ==== Troubleshooting ==== | ||
| + | If you run into errors, check to make sure: | ||
| + | |||
| + | * [[openbsd:nsd|DNS]] is configured properly. | ||
| + | * The [[openbsd:www:openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work. (Don't be confused here if your web server seems not running in a web browser: the example config redirects all visits to the https port, that may not yet be working yet.) | ||
| + | * You have the proper permissions set on the folders in /var/www/. An example output would be, | ||
| + | <code> | ||
| + | $ ls -l /var | grep www | ||
| + | drwxr-xr-x 11 root daemon 512 Mar 28 05:28 www | ||
| + | $ ls -l /var/www | ||
| + | total 36 | ||
| + | drwxr-xr-x 2 root daemon 512 Mar 28 22:16 acme | ||
| + | drwxr-xr-x 2 root daemon 512 Mar 14 06:12 bin | ||
| + | drwx-----T 2 www daemon 512 Oct 12 12:34 cache | ||
| + | drwxr-xr-x 2 root daemon 512 Mar 14 06:12 cgi-bin | ||
| + | drwxr-xr-x 2 root daemon 512 Mar 14 06:03 conf | ||
| + | drwxr-xr-x 3 root daemon 512 Oct 12 12:34 htdocs | ||
| + | drwxr-xr-x 2 root daemon 512 Mar 29 00:00 logs | ||
| + | drwxr-xr-x 2 root daemon 512 Oct 12 12:34 run | ||
| + | </code> | ||
| + | * Your firewall is not configured to block Let's Encrypt certification verification process. Typically it will initiate a few servers to connect to port 80 on your server. | ||
| ==== Successful outcomes ==== | ==== Successful outcomes ==== | ||
| Line 90: | Line 112: | ||
| </code> | </code> | ||
| - | ==== Troubleshooting ==== | + | ==== Common errors ==== |
| - | If you run into errors, check to make sure: | + | |
| + | Do not request domains you don't own | ||
| + | If you change the domains, you need to move the cert and request again | ||
| - | * [[openbsd:nsd|DNS]] is configured properly. | ||
| - | * The [[openbsd:www:openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work. | ||
| - | * You have the proper permissions set on the folders in /var/www/. An example output would be, | ||
| - | <code> | ||
| - | $ ls -l /var | grep www | ||
| - | drwxr-xr-x 11 root daemon 512 Mar 28 05:28 www | ||
| - | $ ls -l /var/www | ||
| - | total 36 | ||
| - | drwxr-xr-x 2 root daemon 512 Mar 28 22:16 acme | ||
| - | drwxr-xr-x 2 root daemon 512 Mar 14 06:12 bin | ||
| - | drwx-----T 2 www daemon 512 Oct 12 12:34 cache | ||
| - | drwxr-xr-x 2 root daemon 512 Mar 14 06:12 cgi-bin | ||
| - | drwxr-xr-x 2 root daemon 512 Mar 14 06:03 conf | ||
| - | drwxr-xr-x 3 root daemon 512 Oct 12 12:34 htdocs | ||
| - | drwxr-x--- 2 root www 512 Mar 28 05:28 letsencrypt | ||
| - | drwxr-xr-x 2 root daemon 512 Mar 29 00:00 logs | ||
| - | drwxr-xr-x 2 root daemon 512 Oct 12 12:34 run | ||
| - | </code> | ||
| - | * Your firewall is not configured to block Let's Encrypt certification verification process. Typically it will initiate a few servers to connect to port 80 on your server. | ||