The httpd.conf and relayd.conf instructions in the README work, but leads to SEC_ERROR_UNKNOWN_ISSUER errors on some browsers.
The solution can be found in the project's documentation [1] which is to symlink the example.com.fullchain.pem file to example.com.crt. Here is a patch to the README that adds that instruction. What do you think la ninpre? [1]: https://mycorrhiza.wiki/hypha/openbsd -- Jag Talon (he/him) https://jagtalon.net/ https://weirder.earth/@jag
Index: pkg/README =================================================================== RCS file: /cvs/ports/www/mycorrhiza/pkg/README,v retrieving revision 1.1.1.1 diff -u -p -u -r1.1.1.1 README --- pkg/README 8 Sep 2022 13:35:47 -0000 1.1.1.1 +++ pkg/README 26 Feb 2024 22:22:35 -0000 @@ -58,6 +58,11 @@ acme-client(1)) and start httpd(8) and r # rcctl enable httpd relayd # rcctl start httpd relayd +If you already have a certificate following the acme-client.conf +default template, make sure to create the following symlink to prevent +SEC_ERROR_UNKNOWN_ISSUER issues on some browsers: + +# ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com.crt Setup =====