Ricardo Mestre transcribed 2.6K bytes:
> Hi Nils,
> 
> By any chance does your acme-client.conf contain "agreement url"

No, it doesn't:

cat /etc/acme-client.conf

#
# $OpenBSD: acme-client.conf,v 1.6 2017/11/27 01:59:55 florian Exp $
#
authority letsencrypt {
        api url "https://acme-v01.api.letsencrypt.org/directory"
        account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
        api url "https://acme-staging.api.letsencrypt.org/directory"
        account key "/etc/acme/letsencrypt-staging-privkey.pem"
}

(and here the domain part)

> lines? If yes please remove them and run acme-client again.
> 
> /mestre
> 
> On 10:57 Tue 03 Apr     , Nils Gillmann wrote:
> > Hi,
> > 
> > what's the deal with acme-client? back on 6.2 and now on 6.3 I never managed to
> > make it run with positive results.
> > 
> > my httpd has this in the server definition:
> > 
> >         location "/.well-known/acme-challenge/*" {
> >                 root { "/acme", strip 2 }
> >         }
> > 
> > the server listens on port 80.
> > 
> > acme-client.conf contains this in addition to the 6.3 defaults:
> > 
> > domain git.infotropique.org {
> >        alternative names { c.n0.is code.crash.cx }
> >        domain key "/etc/ssl/private/git.infotropique.org.key"
> >        domain certificate "/etc/ssl/git.infotropique.org.crt"
> >        domain full chain certificate "/etc/ssl/git.infotropique.org.fullchain.pem"
> >        sign with letsencrypt
> > }
> > 
> > Yet running acme-client -vvAD git.infotropique.org results in:
> > 
> > acme-client: /etc/ssl/private/git.infotropique.org.key: domain key exists (not creating)
> > acme-client: /etc/acme/letsencrypt-privkey.pem: account key exists (not creating)
> > acme-client: /etc/ssl/private/git.infotropique.org.key: loaded RSA domain key
> > acme-client: /etc/acme/letsencrypt-privkey.pem: loaded RSA account key
> > acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
> > acme-client: acme-v01.api.letsencrypt.org: DNS: 23.43.120.29
> > acme-client: transfer buffer: [{ "key-change": "https://acme-v01.api.letsencrypt.org/acme/key-change", "meta": { "caaIdentities": [ "letsencrypt.org" ], "terms-of-service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "website": "https://letsencrypt.org" }, "new-authz": "https://acme-v01.api.letsencrypt.org/acme/new-authz", "new-cert": "https://acme-v01.api.letsencrypt.org/acme/new-cert", "new-reg": "https://acme-v01.api.letsencrypt.org/acme/new-reg", "revoke-cert": "https://acme-v01.api.letsencrypt.org/acme/revoke-cert", "rkQQNutMuUA": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417" }] (658 bytes)
> > acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: git.infotropique.org
> > acme-client: acme-v01.api.letsencrypt.org: cached
> > acme-client: acme-v01.api.letsencrypt.org: cached
> > acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 403
> > acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized", "detail": "No registration exists matching provided key", "status": 403 }] (120 bytes)
> > acme-client: bad exit: netproc(35077): 1
> > 
> > 
> > Obviously httpd is running.
> > 
> > Is there something I'm missing?
> > 
> 
