IRCNow

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
openbsd:acme-client [2020/03/29 14:23]
net_wayfarer Reorganised the page layout for easier reading.
openbsd:acme-client [2020/08/12 00:52] (current)
jrmu
Line 12: Line 12:
 <​code>​ <​code>​
 authority letsencrypt { authority letsencrypt {
-        api url "​https://​acme-v01.api.letsencrypt.org/​directory"​+        api url "​https://​acme-v02.api.letsencrypt.org/​directory"​
         account key "/​etc/​acme/​letsencrypt-privkey.pem"​         account key "/​etc/​acme/​letsencrypt-privkey.pem"​
 } }
Line 51: Line 51:
  
   * [[openbsd:​nsd|DNS]] is configured properly. ​   * [[openbsd:​nsd|DNS]] is configured properly. ​
-  * The [[openbsd:​www:​openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work.+  * The [[openbsd:​www:​openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work. (Don't be confused here if your web server seems not running in a web browser: the example config redirects all visits to the https port, that may not yet be working yet.)
   * You have the proper permissions set on the folders in /var/www/. An example output would be,   * You have the proper permissions set on the folders in /var/www/. An example output would be,
 <​code>​ <​code>​
Line 64: Line 64:
 drwxr-xr-x ​ 2 root  daemon ​ 512 Mar 14 06:03 conf drwxr-xr-x ​ 2 root  daemon ​ 512 Mar 14 06:03 conf
 drwxr-xr-x ​ 3 root  daemon ​ 512 Oct 12 12:34 htdocs drwxr-xr-x ​ 3 root  daemon ​ 512 Oct 12 12:34 htdocs
-drwxr-x--- ​ 2 root  www     512 Mar 28 05:28 letsencrypt 
 drwxr-xr-x ​ 2 root  daemon ​ 512 Mar 29 00:00 logs drwxr-xr-x ​ 2 root  daemon ​ 512 Mar 29 00:00 logs
 drwxr-xr-x ​ 2 root  daemon ​ 512 Oct 12 12:34 run drwxr-xr-x ​ 2 root  daemon ​ 512 Oct 12 12:34 run
Line 112: Line 111:
 acme-client:​ /​etc/​ssl/​example.com.fullchain.pem:​ created acme-client:​ /​etc/​ssl/​example.com.fullchain.pem:​ created
 </​code>​ </​code>​
 +
 +==== Common errors ====
 +
 +Do not request domains you don't own
 +If you change the domains, you need to move the cert and request again