Hi Misc, I have done this half a dozen times in the past, but I am having a helluva time using acme-client to get a certificate signed for a domain. Any clues? Please see below for the machine details, the acme-client.conf and httpd.conf files, and the acme-client output.
# uname -a OpenBSD mcba.autonlab.org 6.2 GENERIC.MP#2 amd64 # more /etc/acme-client.conf # # $OpenBSD: acme-client.conf,v 1.4 2017/03/22 11:14:14 benno Exp $ # authority letsencrypt { agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" api url "https://acme-v01.api.letsencrypt.org/directory" account key "/etc/acme/letsencrypt-privkey.pem" } authority letsencrypt-staging { agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" api url "https://acme-staging.api.letsencrypt.org/directory" account key "/etc/acme/letsencrypt-staging-privkey.pem" } domain mcba.autonlab.org { # alternative names { secure.mcba.autonlab.org } domain key "/etc/ssl/acme/private/mcba.autonlab.org.key" domain certificate "/etc/ssl/acme/mcba.autonlab.org.crt" domain full chain certificate "/etc/ssl/acme/mcba.autonlab.org.fullchain.pem" sign with letsencrypt } # more /etc/httpd.conf # $OpenBSD: httpd.conf,v 1.17 2017/04/16 08:50:49 ajacoutot Exp $ # # Macros # ext_addr="*" # # Global Options # # prefork 3 # # Servers # # A name-based "virtual" server on the same address # server "mcba.autonlab.org" { server "mcba.autonlab.org" { listen on $ext_addr port 80 location "/.well-known/acme-challenge/*" { root "/acme" root strip 2 } # block return 301 "https://$SERVER_NAME$REQUEST_URI" } # An HTTPS server using SSL/TLS # server "mcba.autonlab.org" { # listen on $ext_addr tls port 443 # TLS certificate and key files created with acme-client(1) # tls certificate "/etc/ssl/acme/www.autonsys.com.fullchain.pem" # tls key "/etc/ssl/acme/private/www.autonsys.com.key" # Define server-specific log files relative to /logs # log { access "secure-access.log", error "secure-error.log" } # Increase connection limits to extend the lifetime # connection { max requests 500, timeout 3600 } # root "/htdocs/mcba/pub" #} # Include MIME types instead of the built-in ones types { include "/usr/share/misc/mime.types" } # acme-client -vAD mcba.autonlab.org acme-client: 
/etc/acme/letsencrypt-privkey.pem: account key exists (not creating) acme-client: /etc/ssl/acme/private/mcba.autonlab.org.key: generated RSA domain key acme-client: https://acme-v01.api.letsencrypt.org/directory: directories acme-client: acme-v01.api.letsencrypt.org: DNS: 23.196.58.251 acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: mcba.autonlab.org acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 403 acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized", "detail": "No registration exists matching provided key", "status": 403 }] (120 bytes) acme-client: bad exit: netproc(58513): 1