Today acme-client renewed all but 2 of my domains; the two that have
"alternative names" in the certificates. I cannot get it to renew those two.
This is on amd64 on 6.6-current, updated today.

My acme-config.conf is the latest example version, with the v2 URLs and with
example.com replaced by my domains.

#
# $OpenBSD: acme-client.conf,v 1.2 2019/06/07 08:08:30 florian Exp $
#
authority letsencrypt {
        api url "https://acme-v02.api.letsencrypt.org/directory";
        account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
        api url "https://acme-staging-v02.api.letsencrypt.org/directory";
        account key "/etc/acme/letsencrypt-staging-privkey.pem"
}

domain androidcookbook.com {
                alternative names { androidcookbook.net }
                domain key "/etc/ssl/private/androidcookbook.com.key"
                domain certificate "/etc/ssl/androidcookbook.com.crt"
                domain full chain certificate "/etc/ssl/androidcookbook.com.fullchain.pem"
                sign with letsencrypt
}
domain annabot.org {
                domain key "/etc/ssl/private/annabot.org.key"
                domain certificate "/etc/ssl/annabot.org.crt"
                domain full chain certificate "/etc/ssl/annabot.org.fullchain.pem"
                sign with letsencrypt
}
...

The first domain fails, the second one succeeded.

$ doas acme-client androidcookbook.com
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: 172.65.32.248: tls_close: EOF without close notify
$ echo $?
1
$ 

IDK what those EOF w/o notify are caused by, but the domains that worked
also gave a similar bunch of that message.

Running with -v does not give any useful info except it ends with -1:

$ doas acme-client -v -F androidcookbook.com
acme-client: /etc/ssl/androidcookbook.com.crt: certificate renewable: 29 days left
acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/882690343
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: challenge, token: 22zE2mRAquYtRmY0lMxiCVfYXcTLEUEm78rRa6Nt0So, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690343/im5q-Q, status: 0
acme-client: /var/www/acme/22zE2mRAquYtRmY0lMxiCVfYXcTLEUEm78rRa6Nt0So: created
acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690343/im5q-Q: challenge
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/882690357
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: challenge, token: XQm6jdVi6yzlFJHP8ucI8d3AenQFl81KqfC4tNlaDsU, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690357/7cuNOw, status: 0
acme-client: /var/www/acme/XQm6jdVi6yzlFJHP8ucI8d3AenQFl81KqfC4tNlaDsU: created
acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690357/7cuNOw: challenge
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: 172.65.32.248: tls_close: EOF without close notify
acme-client: order.status -1
acme-client: bad exit: netproc(82984): 1
$ 


Any thoughts or more info? Thx.
