This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
openbsd:acme-client [2020/03/29 14:23] net_wayfarer Reorganised the page layout for easier reading. |
openbsd:acme-client [2020/08/12 00:52] (current) jrmu |
||
---|---|---|---|
Line 12: | Line 12: | ||
<code> | <code> | ||
authority letsencrypt { | authority letsencrypt { | ||
- | api url "https://acme-v01.api.letsencrypt.org/directory" | + | api url "https://acme-v02.api.letsencrypt.org/directory" |
account key "/etc/acme/letsencrypt-privkey.pem" | account key "/etc/acme/letsencrypt-privkey.pem" | ||
} | } | ||
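Review bot: the new api url line points at the acme-v02 directory, but nothing near this block tells readers who already copied the earlier acme-v01 value that they need to edit their own configuration as well. A one-sentence note under the code block would cover them. The account key path is unchanged in this hunk, so it would also help to state whether the existing key file is meant to be kept as it is when switching endpoints.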
Line 51: | Line 51: | ||
* [[openbsd:nsd|DNS]] is configured properly. | * [[openbsd:nsd|DNS]] is configured properly. | ||
- | * The [[openbsd:www:openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work. | + | * The [[openbsd:www:openhttpd|web server]] is configured properly. You **must** have a web server in order for the acme-client to work. (Don't be confused here if your web server seems not running in a web browser: the example config redirects all visits to the https port, that may not yet be working yet.) |
* You have the proper permissions set on the folders in /var/www/. An example output would be, | * You have the proper permissions set on the folders in /var/www/. An example output would be, | ||
<code> | <code> | ||
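Review bot: the added parenthetical on the web server bullet needs a wording pass. "seems not running" is awkward, and "may not yet be working yet" repeats "yet". Something like "(Don't be confused if your site does not load in a browser: the example config redirects all visits to the https port, which may not be working yet.)" reads cleanly. Since it is a troubleshooting hint rather than a prerequisite, it may sit better as its own sub-bullet than inside the sentence carrying the **must** requirement.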
Line 64: | Line 64: | ||
drwxr-xr-x 2 root daemon 512 Mar 14 06:03 conf | drwxr-xr-x 2 root daemon 512 Mar 14 06:03 conf | ||
drwxr-xr-x 3 root daemon 512 Oct 12 12:34 htdocs | drwxr-xr-x 3 root daemon 512 Oct 12 12:34 htdocs | ||
- | drwxr-x--- 2 root www 512 Mar 28 05:28 letsencrypt | ||
drwxr-xr-x 2 root daemon 512 Mar 29 00:00 logs | drwxr-xr-x 2 root daemon 512 Mar 29 00:00 logs | ||
drwxr-xr-x 2 root daemon 512 Oct 12 12:34 run | drwxr-xr-x 2 root daemon 512 Oct 12 12:34 run | ||
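Review bot: dropping the "drwxr-x--- 2 root www ... letsencrypt" row removes the only entry in this example listing with a restricted mode and a non-daemon group, while the bullet above still asks readers to check permissions on the folders in /var/www/. If that directory is no longer expected to exist, say so in the text. If it is still expected, the listing should keep showing its owner and mode so readers have something to compare against.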
Line 112: | Line 111: | ||
acme-client: /etc/ssl/example.com.fullchain.pem: created | acme-client: /etc/ssl/example.com.fullchain.pem: created | ||
</code> | </code> | ||
+ | |||
+ | ==== Common errors ==== | ||
+ | |||
+ | Do not request domains you don't own | ||
+ | If you change the domains, you need to move the cert and request again | ||
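Review bot: the two lines added under "Common errors" carry no list markup, unlike the " * " bullets used earlier on the page, so they will render as one run-on paragraph; make them bullets and end each with a full stop. "move the cert" is also underspecified: it names neither the file nor where to move it. The output above shows /etc/ssl/example.com.fullchain.pem being created, so the entry should say which of the generated files have to be moved aside before requesting again.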