Hey Stuart,

It worked, many thanks!

I've read the acme-client manpage many times and it wasn't clear that
acme-client will use an existing key, if present. Perhaps adding this
information to the manpage, including ssl(8) in the SEE ALSO section,
could help others as well.

Thanks again,
--K

On Thu, Nov 5, 2020 at 7:04 AM Stuart Henderson <[email protected]> wrote:

> Generate your own key if you want a specific type of curve, same as if you
> want a specific key length with RSA. See "GENERATING ECDSA SERVER
> CERTIFICATES" in ssl(8) and set things to use one of the curves allowed by
> the CA. acme-client will use your own key if it already exists otherwise it
> will create a new 4096-bit RSA key or secp384r1 ECDSA key by default.
>
> --
> Sent from a phone, apologies for poor formatting.
>
>
> On 4 November 2020 20:29:57 K R <[email protected]> wrote:
>
>>> Synopsis: acme-client won't work with buypass.com ECDSA domain keys
>>> Category: system sparc64
>>> Environment:
>>     System      : OpenBSD 6.8
>>     Details     : OpenBSD 6.8 (GENERIC) #477: Sun Oct 4 20:36:17 MDT 2020
>>                   [email protected]:/usr/src/sys/arch/sparc64/compile/GENERIC
>>
>>     Architecture: OpenBSD.sparc64
>>     Machine     : sparc64
>>> Description:
>>
>> When using an ecdsa domain key with buypass.com, acme-client
>> receives this error:
>>
>> "Curve is not of type secp256r1 or prime256v1"
>>
>>> How-To-Repeat:
>>
>> With the following conf, the error below is shown:
>>
>> ------------------------------------------------------------------------
>> domain example.org {
>>         alternative names { www.example.org }
>>         domain key "/etc/ssl/private/example.org.key" ecdsa
>>         domain full chain certificate "/etc/ssl/example.org.fullchain.pem"
>>         sign with buypass
>> }
>> ------------------------------------------------------------------------
>> server# acme-client -v example.org
>> acme-client: https://api.buypass.com/acme/directory: directories
>> acme-client: api.buypass.com: DNS: 185.62.162.162
>> acme-client: https://api.buypass.com/acme/order/-VX9VLMpbD5HUKIR39u0bE4Dvk-U15VWUi9lO406Lxo/finalize: certificate
>> acme-client: https://api.buypass.com/acme/order/-VX9VLMpbD5HUKIR39u0bE4Dvk-U15VWUi9lO406Lxo/finalize: bad HTTP: 400
>> acme-client: transfer buffer: [{"type":"urn:ietf:params:acme:error:malformed","detail":"Curve is not of type secp256r1 or prime256v1","code":400,"message":"MALFORMED_BAD_REQUEST","details":"HTTP 400 Bad Request"}] (181 bytes)
>> acme-client: bad exit: netproc(9045): 1
>> ------------------------------------------------------------------------
>>
>>> Fix:
>>
>> Unknown.
>>
>> -EOF
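
A pre-flight check for the workaround described in the thread above, added here as an example that is not part of the thread or of acme-client. It assumes the `openssl` command is available; the function names `key_curve` and `ensure_domain_key` are hypothetical, and the default curve `prime256v1` is taken from the CA error message quoted in the report.

```shell
#!/bin/sh
# Added example: verify (or create) an ECDSA domain key on the curve the CA
# accepts before acme-client runs, since acme-client reuses an existing key.

# Print the named curve of an EC private key, e.g. "prime256v1".
# Prints nothing if the file is not a readable EC key.
key_curve() {
    openssl ec -in "$1" -noout -text 2>/dev/null | sed -n 's/^ASN1 OID: //p'
}

# ensure_domain_key KEYFILE [CURVE]
# Returns 0 if KEYFILE exists (or was just created) on CURVE, 1 otherwise.
ensure_domain_key() {
    key=$1
    want=${2:-prime256v1}   # assumption: curve named in the CA's error
    if [ -e "$key" ]; then
        have=$(key_curve "$key")
        if [ "$have" = "$want" ]; then
            echo "ok: $key is on $want"
            return 0
        fi
        # A wrong-curve key would be reused as-is and rejected again by the
        # CA. Report it and leave replacement to the operator; never
        # overwrite a private key silently.
        echo "mismatch: $key is on '${have:-unknown}', CA expects $want" >&2
        return 1
    fi
    # No key yet: create one with owner-only permissions from the start.
    (
        umask 077
        openssl ecparam -genkey -name "$want" -noout -out "$key"
    ) || return 1
    [ "$(key_curve "$key")" = "$want" ] || return 1
    echo "created: $key on $want"
}
```

Run as root, `ensure_domain_key /etc/ssl/private/example.org.key` would be called before `acme-client -v example.org`, using the key path from the configuration in the report.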
