I also had to remove /etc/acme/letsencrypt-privkey.pem and re-do the process. Just updating the link to the PDF did not help.

> On 2 Feb 2018, at 05:01, Predrag Punosevac <punoseva...@gmail.com> wrote:
>
> Jordan Geoghegan <jgeoghega...@gmail.com> wrote:
>
>> Hi,
>>
>> I recently dealt with this issue as well and the solution was quite
>> silly. The problem is that acme-client is failing due to the agreement
>> url being out of date; there is a new agreement v1.2. acme-client has
>> been patched in current I believe to fix this issue and automatically
>> update the agreement url. For now, just change your config to list the
>> latest agreement url:
>> "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
>>
>> Hope this helps,
>>
>> Jordan
>
> Thank you so much for this prompt reply. I already signed certificate
> using certbot as we were hitting deadline. However, this is going to be
> very useful going forward with renewals.
>
> Best,
> Predrag
>
>>
>> On 02/01/18 17:16, Predrag Punosevac wrote:
>>> Hi Misc,
>>>
>>> I have done this half dozen times in the past but I am having helluva
>>> time using acme-client to sign certificate for a domain. Any clues?
>>> Please see below machine, acme-client.conf and httpd.conf files
>>>
>>> # uname -a
>>> OpenBSD mcba.autonlab.org 6.2 GENERIC.MP#2 amd64
>>>
>>> # more /etc/acme-client.conf
>>>
>>> #
>>> # $OpenBSD: acme-client.conf,v 1.4 2017/03/22 11:14:14 benno Exp $
>>> #
>>> authority letsencrypt {
>>>     agreement url
>>>     "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
>>>     api url "https://acme-v01.api.letsencrypt.org/directory"
>>>     account key "/etc/acme/letsencrypt-privkey.pem"
>>> }
>>>
>>> authority letsencrypt-staging {
>>>     agreement url
>>>     "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
>>>     api url "https://acme-staging.api.letsencrypt.org/directory"
>>>     account key "/etc/acme/letsencrypt-staging-privkey.pem"
>>> }
>>>
>>> domain mcba.autonlab.org {
>>>     # alternative names { secure.mcba.autonlab.org }
>>>     domain key "/etc/ssl/acme/private/mcba.autonlab.org.key"
>>>     domain certificate "/etc/ssl/acme/mcba.autonlab.org.crt"
>>>     domain full chain certificate
>>>     "/etc/ssl/acme/mcba.autonlab.org.fullchain.pem"
>>>     sign with letsencrypt
>>> }
>>>
>>> # more /etc/httpd.conf
>>>
>>> # $OpenBSD: httpd.conf,v 1.17 2017/04/16 08:50:49 ajacoutot Exp $
>>>
>>> #
>>> # Macros
>>> #
>>> ext_addr="*"
>>>
>>> #
>>> # Global Options
>>> #
>>> # prefork 3
>>>
>>> #
>>> # Servers
>>> #
>>>
>>> # A name-based "virtual" server on the same address
>>> # server "mcba.autonlab.org" {
>>> server "mcba.autonlab.org" {
>>>     listen on $ext_addr port 80
>>>
>>>     location "/.well-known/acme-challenge/*" {
>>>         root "/acme"
>>>         root strip 2
>>>     }
>>>     # block return 301 "https://$SERVER_NAME$REQUEST_URI"
>>> }
>>>
>>> # An HTTPS server using SSL/TLS
>>> # server "mcba.autonlab.org" {
>>> # listen on $ext_addr tls port 443
>>>
>>> # TLS certificate and key files created with acme-client(1)
>>> # tls certificate "/etc/ssl/acme/www.autonsys.com.fullchain.pem"
>>> # tls key "/etc/ssl/acme/private/www.autonsys.com.key"
>>>
>>> # Define server-specific log files relative to /logs
>>> # log { access "secure-access.log", error "secure-error.log" }
>>>
>>> # Increase connection limits to extend the lifetime
>>> # connection { max requests 500, timeout 3600 }
>>>
>>> # root "/htdocs/mcba/pub"
>>> #}
>>>
>>> # Include MIME types instead of the built-in ones
>>> types {
>>>     include "/usr/share/misc/mime.types"
>>> }
>>>
>>> # acme-client -vAD mcba.autonlab.org
>>> acme-client: /etc/acme/letsencrypt-privkey.pem: account key exists (not
>>> creating)
>>> acme-client: /etc/ssl/acme/private/mcba.autonlab.org.key: generated RSA
>>> domain key
>>> acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
>>> acme-client: acme-v01.api.letsencrypt.org: DNS: 23.196.58.251
>>> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth:
>>> mcba.autonlab.org
>>> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP:
>>> 403
>>> acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized",
>>> "detail": "No registration exists matching provided key", "status": 403
>>> }] (120 bytes)
>>> acme-client: bad exit: netproc(58513): 1
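
An added example, not part of the thread and not acme-client's own code: a shell check that ties the 403 "No registration exists matching provided key" response to the stale `agreement url` entries that Jordan's reply identifies as the cause. The function names, the `CURRENT_SA` variable and the sample files are assumptions made for illustration; the sample input is constructed from the files quoted above.

```shell
#!/bin/sh
# Added example. CURRENT_SA is the agreement URL quoted in the thread.
CURRENT_SA='https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf'

# stale_agreements FILE [URL]: print "authority<TAB>configured-url" for every
# authority block whose agreement url differs from URL (default: CURRENT_SA).
stale_agreements() {
    awk -v want="${2:-$CURRENT_SA}" '
    {
        sub(/#.*/, "")                      # strip comments
        for (i = 1; i <= NF; i++) {
            tok = $i
            if (prev == "authority") auth = tok
            # the URL may sit on the line after "agreement url" (mail wrapping)
            if (prev2 == "agreement" && prev == "url") {
                gsub(/"/, "", tok)
                if (tok != want) printf "%s\t%s\n", auth, tok
            }
            prev2 = prev; prev = tok
        }
    }' "$1"
}

# account_unregistered LOG: succeed if verbose acme-client output shows the
# CA rejecting the account key, the 403 seen in the thread.
account_unregistered() {
    grep -q 'urn:acme:error:unauthorized' "$1" &&
        grep -q 'No registration exists matching provided key' "$1"
}

# Constructed sample input, modelled on the files quoted in the thread.
demo_dir=$(mktemp -d)
cat > "$demo_dir/acme-client.conf" <<'EOF'
authority letsencrypt {
    agreement url
    "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
    api url "https://acme-v01.api.letsencrypt.org/directory"
}
authority letsencrypt-staging {
    agreement url "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
    api url "https://acme-staging.api.letsencrypt.org/directory"
}
EOF
cat > "$demo_dir/acme.log" <<'EOF'
acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized", "detail": "No registration exists matching provided key", "status": 403 }] (120 bytes)
EOF
if account_unregistered "$demo_dir/acme.log"; then
    echo "403 unauthorized; authorities with a stale agreement url:"
    stale_agreements "$demo_dir/acme-client.conf"
fi
```

On a real host, point `stale_agreements` at `/etc/acme-client.conf` and `account_unregistered` at the saved output of `acme-client -vAD <domain>`.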