Today acme-client renewed all but 2 of my domains; the two that have "alternative names" in the certificates. I cannot get it to renew those two. This is on amd64 on 6.6-current, updated today.
My acme-config.conf is the latest example version, with the v2 URLs and with example.com replaced by my domains. # # $OpenBSD: acme-client.conf,v 1.2 2019/06/07 08:08:30 florian Exp $ # authority letsencrypt { api url "https://acme-v02.api.letsencrypt.org/directory" account key "/etc/acme/letsencrypt-privkey.pem" } authority letsencrypt-staging { api url "https://acme-staging-v02.api.letsencrypt.org/directory" account key "/etc/acme/letsencrypt-staging-privkey.pem" } domain androidcookbook.com { alternative names { androidcookbook.net } domain key "/etc/ssl/private/androidcookbook.com.key" domain certificate "/etc/ssl/androidcookbook.com.crt" domain full chain certificate "/etc/ssl/androidcookbook.com.fullchain.pem" sign with letsencrypt } domain annabot.org { domain key "/etc/ssl/private/annabot.org.key" domain certificate "/etc/ssl/annabot.org.crt" domain full chain certificate "/etc/ssl/annabot.org.fullchain.pem" sign with letsencrypt } ... The first domain fails, the second one succeeded. $ doas acme-client androidcookbook.com acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: 172.65.32.248: tls_close: EOF without close notify $ echo $? 1 $ IDK what those EOF w/o notify are caused by, but the domains that worked also gave a similar bunch of that message. Running with -v does not give any useful info except it ends with -1: $ doas acme-client -v -F androidcookbook.com acme-client: /etc/ssl/androidcookbook.com.crt: certificate renewable: 29 days left acme-client: https://acme-v02.api.letsencrypt.org/directory: directories acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248 acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/882690343 acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: challenge, token: 22zE2mRAquYtRmY0lMxiCVfYXcTLEUEm78rRa6Nt0So, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690343/im5q-Q, status: 0 acme-client: /var/www/acme/22zE2mRAquYtRmY0lMxiCVfYXcTLEUEm78rRa6Nt0So: created acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690343/im5q-Q: challenge acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/882690357 acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: challenge, token: XQm6jdVi6yzlFJHP8ucI8d3AenQFl81KqfC4tNlaDsU, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690357/7cuNOw, status: 0 acme-client: /var/www/acme/XQm6jdVi6yzlFJHP8ucI8d3AenQFl81KqfC4tNlaDsU: created acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690357/7cuNOw: challenge acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: 172.65.32.248: tls_close: EOF without close notify acme-client: order.status -1 acme-client: bad exit: netproc(82984): 1 $ Any thoughts or more info? Thx.