https://xkcd.com/979/

On Sat, Apr 03, 2021 at 05:43:36PM +0200, open...@crw.name wrote:
> Self solved.
>
> On 02.04.2021 14:02, open...@crw.name wrote:
> > Hello, I need some help to configure my acme-client the right way.
> >
> > Obtaining certificates itself works using OpenBSD -current #434 from April
> > 1st.
> >
> > I have a CAA record
> >
> > $ dig -t CAA our.bio-planet.earth +short
> > 0 issue "letsencrypt.org"
> >
> > The configuration for httpd.conf and relayd.conf are taken from honk
> > https://cvsweb.openbsd.org/ports/www/honk/pkg/README?rev=1.4&content-type=text/x-cvsweb-markup
> >
> > The acme-client.conf is taken from /etc/examples/ and the settings for
> > the domain are
> >
> > $ tail -f /etc/acme-client.conf
> > domain our.bio-planet.earth {
> >         domain key "/etc/ssl/private/our.bio-planet.earth.key"
> >         domain certificate "/etc/ssl/our.bio-planet.earth.crt"
> >         domain full chain certificate "/etc/ssl/our.bio-planet.earth.fullchain.pem"
> >         sign with letsencrypt
> > }
> >
> > The FQHN equals the domain and I don't want to use other / sub
> > domains. The .crt file is required for the tls keypair part in
> > relayd.conf.
> >
> > If I try to verify the certificate using
> >
> > $ openssl verify our.bio.planet.earth.fullchain.pem
> > CN = our.bio-planet.earth
> > error 21 at 0 depth lookup:unable to verify the first certificate
> > CN = our.bio-planet.earth
> > error 21 at 0 depth lookup:unable to verify the first certificate
> > /etc/ssl/our.bio-planet.earth.fullchain.pem: verification failed: 21
> > (unable to verify the first certificate)
> >
> > On the other hand
> >
> > $ openssl verify /etc/ssl/cert.pem
> > cert.pem: OK
> >
> > How can I fix this as it did not work if I try to use the certs for
> > example for prosody.
> >
> > Thanks and regards,
> >
> >
> > Christoph
>

-- 
I'm not entirely sure you are real.