Re: [OpenBSD 6.1] acme-client + nginx

[Stephane HUC "PengouinBSD"]

Le 07/06/17 à 12:03, Stuart Henderson a écrit :
(...)
> 
> /usr/local/www seems unlikely on OpenBSD.
> 
> I just have
> 
>         location /.well-known/acme-challenge { root /var/www/letsencrypt/; }
> 
> and
> 
>         challengedir "/var/www/letsencrypt/.well-known/acme-challenge"
>  
> but there are several ways you can configure this. (e.g. you might want
> to use a different directory layout if you have anything else that uses
> the RFC5785 .well-known URIs). It doesn't matter what you use as long as
> letsencrypt can fetch the file that acme-client wrote.
> 
> 

OK, it's run correctly as you wrote.

I changed nginx:

location ^~ /.well-known/acme-challenge {
                allow all;
                #default_type "text/plain";
                root /var/www/acme/test.obsd4a.net/;
        }

I changed acme-client.conf:

        challengedir "/var/www/acme/test.obsd4a.net/.well-known/acme-challenge"

And, the result is:

$ doas acme-client -vAD test.obsd4a.net
acme-client: /etc/ssl/acme/private/test.obsd4a.net-privkey.pem: domain
key exists (not creating)
acme-client: /etc/acme/letsencrypt-privkey.pem: account key exists (not
creating)
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 184.87.72.109
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz:
req-auth: test.obsd4a.net
acme-client:
/var/www/acme/test.obsd4a.net/.well-known/acme-challenge/cugIljWXyalHSHnsOa51W4BoBEW5n0_JctHP8Y59l8U:
created
acme-client:
https://acme-v01.api.letsencrypt.org/acme/challenge/_8nN0V__nplwfEcqpwa698yd4bKBywHRWrOj8Hl33I8/1489582140:
challenge
acme-client:
https://acme-v01.api.letsencrypt.org/acme/challenge/_8nN0V__nplwfEcqpwa698yd4bKBywHRWrOj8Hl33I8/1489582140:
status
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-cert: certificate
acme-client: http://cert.int-x3.letsencrypt.org/: full chain
acme-client: cert.int-x3.letsencrypt.org: DNS: 88.221.234.34
acme-client: /etc/ssl/acme//test.obsd4a.net-chain.pem: created
acme-client: /etc/ssl/acme/test.obsd4a.net-cert.pem: created
acme-client: /etc/ssl/acme//test.obsd4a.net-fullchain.pem: created

Thank you! :D


-- 
~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<<
----
<me>Stephane HUC as PengouinBSD or CIOTBSD</me>
<mail>b...@stephane-huc.net</mail>

signature.asc
Description: OpenPGP digital signature