On Tue, Dec 29, 2020 at 07:57:58AM -0500, Daniel Jakots wrote:
> On Tue, 29 Dec 2020 03:44:03 -0600, Chris Bennett
> <cpb_po...@bennettconstruction.us> wrote:
>
> > dmesg is always a mess (How can I fix that?)
>
> Hard to give a proper fix when the problem is uncertain. Assuming the
> "mess" you're mentioning is that dmesg(8) shows previous boots as well,
> you can take /var/run/dmesg.boot.
>
>
> Regarding your TLS problem
> $ nc -zvc bennettconstruction.us 443
> Connection to bennettconstruction.us (172.107.198.233) 443 port [tcp/https]
> succeeded!
> nc: tls handshake failed (certificate verification failed: unable to get
> local issuer certificate)
>
>
> Check your certificate chains. Most likely the problem is in your
> acme-client.conf so feel free to post it if you can't find the solution.
>
Chris
Inline notes:
#
# $OpenBSD: acme-client.conf,v 1.2 2019/06/07 08:08:30 florian Exp $
#
authority letsencrypt {
api url "https://acme-v02.api.letsencrypt.org/directory";
account key "/etc/acme/letsencrypt-privkey.pem"
What is this file?? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
}
authority letsencrypt-staging {
api url "https://acme-staging-v02.api.letsencrypt.org/directory";
account key "/etc/acme/letsencrypt-staging-privkey.pem"
}
domain bennettconstruction.us {
alternative names { www.bennettconstruction.us }
domain key "/etc/ssl/private/bennettconstruction.us.key"
domain certificate "/etc/ssl/bennettconstruction.us.crt"
domain full chain certificate
"/etc/ssl/bennettconstruction.us.fullchain.pem"
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Does it have a place with Apache conf's?
sign with letsencrypt
challengedir "/var/www/htdocs/bennettconstruction.us/acme"
}
#domain example.com {
# alternative names { secure.example.com }
# domain key "/etc/ssl/private/example.com.key"
# domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
# sign with letsencrypt
#}
