I have following configuration: OpenBSD amd64 6.7
acme-client.conf: authority letsencrypt { api url "https://acme-v02.api.letsencrypt.org/directory" account key "/etc/acme/letsencrypt-privkey.pem" } authority letsencrypt-staging { api url "https://acme-staging-v02.api.letsencrypt.org/directory" account key "/etc/acme/letsencrypt-staging-privkey.pem" } domain myserver.com { alternative names { www.myserver.com, mail.myserver.com } domain key "/etc/ssl/private/myserver.com.key" domain certificate "/etc/ssl/myserver.com.crt" domain full chain certificate "/etc/ssl/myserver.com.fullchain.pem" sign with letsencrypt } httpd.conf: server "myserver.com" { listen on * port 80 location "/.well-known/acme-challenge/*" { root "/acme" request strip 2 } location * { block return 302 "https://$HTTP_HOST$REQUEST_URI" } } server "myserver.com" { listen on * tls port 443 tls { certificate "/etc/ssl/myserver.com.fullchain.pem" key "/etc/ssl/private/myserver.com.key" } location "/pub/*" { directory auto index } location "/.well-known/acme-challenge/*" { root "/acme" request strip 2 } } when running acme-client as root, I get the following: acme-client -vF myserver.com acme-client: https://acme-v02.api.letsencrypt.org/directory: directories acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248 acme-client: dochngreq: ... acme-client: challenge, token: ... status: 2 acme-client: dochngreq: .... acme-client: challenge, token: .... , status: 2 acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4766326725 acme-client: challenge, token: ... , status: 0 acme-client: /var/www/acme/...: created acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/4766326725/TzAk5w: challenge acme-client: order.status -1 acme-client: bad exit: netproc(62115): 1 Thank you for your kind help