On Sun, Oct 27, 2024 at 12:34:06PM +0800, Sadeep Madurange wrote:
> Hello,
> 
> I had configured httpd with SSL using the guide at
> https://www.openbsdhandbook.com/services/webserver/ssl/. It was working
> fine for many months now. So, I'm not sure if this is related to the
> recent OS upgrade. I just realized that the SSL cert had expired.

That's unaffiliated with OpenBSD.

> When I run the acme-client with
> 
> $ acme-client www.asciimx.com && rcctl reload httpd
> 
> I get the following response:
> 
> acme-client: 149.28.130.119: Invalid response from
> http://www.asciimx.com/.well-known/acme-challenge/TJsxW8fpkhSmsPQIJjNme-H87aWLqx_LOh1L9rAPhkA:
>  404
> 
> My httpd.conf:
> 
> server "www.asciimx.com" {
>         listen on * tls port 443
>         root "/htdocs/www.asciimx.com"
> 
>         tls {
>                 certificate "/etc/ssl/www.asciimx.com.fullchain.pem"
>                 key "/etc/ssl/private/www.asciimx.com.key"
>         }
> 
>         location "/.well-known/acme-challenge/*" {
>                 root "/acme"
>                 request strip 2
>         }
> 
>         location "/foo" {
>                 authenticate with "/htdocs/foo/.htpasswd"
>                 fastcgi {
>                         socket "/run/foo.sock"
>                 }
>         }
> }
> 
> server "www.asciimx.com" {
>         listen on * port 80
>         root "/htdocs/www.asciimx.com"
> 
>         location "/foo" {
>                 block return 301 "https://$HTTP_HOST$REQUEST_URI";
>         }
> }

I doubt this ever worked. ACME challenges are required to be done over
HTTP, not HTTPS. You'll need to add

        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }

in this block instead of the "listen on * tls" one.

> types {
>         text/plain      asc
>         include "/usr/share/misc/mime.types"
> }

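For reference, here is the quoted httpd.conf with the change the reply describes applied: the acme-challenge location moved into the plain-HTTP server block. This is an added illustration, not the original poster's file or anything from the OpenBSD project; the hostname, paths and the /foo location are simply carried over from the quoted configuration, and the port-80 block keeps its HTTPS redirect for /foo so only the challenge path is answered over HTTP.

```conf
# Corrected httpd.conf (added example, derived from the quoted config).
# ACME HTTP-01 validation fetches
# http://<host>/.well-known/acme-challenge/<token> over port 80, so the
# challenge location must live in the non-TLS server block. With the
# location only in the TLS block, the port-80 block falls through to
# /htdocs/www.asciimx.com and returns 404, which is the error shown.

server "www.asciimx.com" {
        listen on * tls port 443
        root "/htdocs/www.asciimx.com"

        tls {
                certificate "/etc/ssl/www.asciimx.com.fullchain.pem"
                key "/etc/ssl/private/www.asciimx.com.key"
        }

        location "/foo" {
                authenticate with "/htdocs/foo/.htpasswd"
                fastcgi {
                        socket "/run/foo.sock"
                }
        }
}

server "www.asciimx.com" {
        listen on * port 80
        root "/htdocs/www.asciimx.com"

        # Challenge files written by acme-client(1) under /var/www/acme;
        # "request strip 2" drops the two leading path components so
        # /.well-known/acme-challenge/<token> maps to /acme/<token>.
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }

        # Keep redirecting the application itself to HTTPS.
        location "/foo" {
                block return 301 "https://$HTTP_HOST$REQUEST_URI"
        }
}

types {
        text/plain      asc
        include "/usr/share/misc/mime.types"
}
```

After editing, `httpd -n` checks the file for syntax errors, `rcctl reload httpd` picks it up, and `acme-client -v www.asciimx.com` shows the challenge exchange step by step so a remaining 404 is visible immediately. Note that the quoted config has a stray `;` after the `block return` line; httpd.conf does not use statement terminators, so it is dropped here.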