Good morning,
> Today acme-client renewed all but 2 of my domains; the two that have
> "alternative names" in the certificates. I cannot get it to renew
> those two. This is on amd64 on 6.6-current, updated today.
I can reproduce this on amd64 current, as well as on 6.6.
Same error and very similar configuration based on the one in
/etc/examples.
Daniel
> My acme-config.conf is the latest example version, with the v2 URLs
> and with example.com replaced by my domains.
>
> #
> # $OpenBSD: acme-client.conf,v 1.2 2019/06/07 08:08:30 florian Exp $
> #
> authority letsencrypt {
> 	api url "https://acme-v02.api.letsencrypt.org/directory"
> 	account key "/etc/acme/letsencrypt-privkey.pem"
> }
>
> authority letsencrypt-staging {
> 	api url "https://acme-staging-v02.api.letsencrypt.org/directory"
> 	account key "/etc/acme/letsencrypt-staging-privkey.pem"
> }
>
> domain androidcookbook.com {
> 	alternative names { androidcookbook.net }
> 	domain key "/etc/ssl/private/androidcookbook.com.key"
> 	domain certificate "/etc/ssl/androidcookbook.com.crt"
> 	domain full chain certificate "/etc/ssl/androidcookbook.com.fullchain.pem"
> 	sign with letsencrypt
> }
> domain annabot.org {
> 	domain key "/etc/ssl/private/annabot.org.key"
> 	domain certificate "/etc/ssl/annabot.org.crt"
> 	domain full chain certificate "/etc/ssl/annabot.org.fullchain.pem"
> 	sign with letsencrypt
> }
> ...
>
> The first domain fails, the second one succeeded.
>
> $ doas acme-client androidcookbook.com
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> $ echo $?
> 1
> $
>
> IDK what those EOF w/o notify are caused by, but the domains that worked
> also gave a similar bunch of that message.
>
> Running with -v does not give any useful info except it ends with -1:
>
> $ doas acme-client -v -F androidcookbook.com
> acme-client: /etc/ssl/androidcookbook.com.crt: certificate renewable: 29 days left
> acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
> acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/882690343
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: challenge, token: 22zE2mRAquYtRmY0lMxiCVfYXcTLEUEm78rRa6Nt0So, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690343/im5q-Q, status: 0
> acme-client: /var/www/acme/22zE2mRAquYtRmY0lMxiCVfYXcTLEUEm78rRa6Nt0So: created
> acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690343/im5q-Q: challenge
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/882690357
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: challenge, token: XQm6jdVi6yzlFJHP8ucI8d3AenQFl81KqfC4tNlaDsU, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690357/7cuNOw, status: 0
> acme-client: /var/www/acme/XQm6jdVi6yzlFJHP8ucI8d3AenQFl81KqfC4tNlaDsU: created
> acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/882690357/7cuNOw: challenge
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: 172.65.32.248: tls_close: EOF without close notify
> acme-client: order.status -1
> acme-client: bad exit: netproc(82984): 1
> $
>
>
> Any thoughts or more info? Thx.