On 2024-10-27 05:55:37, Lucas Gabriel Vuotto wrote:
> On Sun, Oct 27, 2024 at 12:34:06PM +0800, Sadeep Madurange wrote:
> > I had configured httpd with SSL using the guide at
> > https://www.openbsdhandbook.com/services/webserver/ssl/. It was
> > working fine for many months now. So, I'm not sure if this is
> > related to the recent OS upgrade. I just realized that the SSL cert
> > had expired.
> 
> That's unaffiliated with OpenBSD.
> 
> > When I run the acme-client with
> > 
> > $ acme-client www.asciimx.com && rcctl reload httpd
> > 
> > I get the following response:
> > 
> > acme-client: 149.28.130.119: Invalid response from
> > http://www.asciimx.com/.well-known/acme-challenge/TJsxW8fpkhSmsPQIJjNme-H87aWLqx_LOh1L9rAPhkA:
> >  404
> > 
> > My httpd.conf:
> > 
> > server "www.asciimx.com" {
> >         listen on * port 80
> >         root "/htdocs/www.asciimx.com"
> > 
> >         location "/foo" {
> >                 block return 301 "https://$HTTP_HOST$REQUEST_URI";
> >         }
> > }
> 
> I doubt this ever worked. ACME challenges are required to be done over
> HTTP, not HTTPS. You'll need to add
> 
>       location "/.well-known/acme-challenge/*" {
>               root "/acme"
>               request strip 2
>       }
> 
> in this block instead of the "listen on * tls" one.
> 
> > types {
> >         text/plain      asc
> >         include "/usr/share/misc/mime.types"
> > }

Moving the ACME challenge path to the HTTP block worked. Now that I look at
the error message more carefully, I see that the 404 was reported for an
HTTP request, not HTTPS. So, it was wrong all along then.

All this time I thought www.openbsdhandbook.com was an official OpenBSD
resource! Thanks very much for that info too.

-- 
Sadeep Madurange
PGP: 103BF9E3E750BF7E
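
The layout problem resolved in this thread can be checked mechanically before a renewal fails. The following is an added example, not part of the original messages: `server_blocks`, `check_acme` and the `www.example.org` sample configs are constructed here, and the check is a heuristic that only looks at `listen on` lines and the challenge `location` in each `server` block.

```python
import re
ACME = "/.well-known/acme-challenge/"

def server_blocks(conf):
    """Yield (name, body) for each server block, matching braces by depth."""
    for m in re.finditer(r'^\s*server\s+"([^"]+)"\s*\{', conf, re.M):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def check_acme(conf):
    """Return findings on which listeners serve the challenge path."""
    findings = []
    for name, body in server_blocks(conf):
        listens = re.findall(r'^\s*listen\s+on\s+(.+)$', body, re.M)
        plain = [l.strip() for l in listens if not re.search(r'\btls\b', l)]
        has_acme = re.search(r'location\s+"' + re.escape(ACME), body) is not None
        if plain and not has_acme:
            findings.append(f"{name}: HTTP listener ({plain[0]}) has no challenge location")
        if has_acme and listens and not plain:
            findings.append(f"{name}: challenge location only in a tls block")
    return findings

# Constructed samples modelled on the layout discussed in the thread.
BEFORE = '''server "www.example.org" {
        listen on * port 80
        location "/foo" {
                block return 301 "https://$HTTP_HOST$REQUEST_URI"
        }
}
server "www.example.org" {
        listen on * tls port 443
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
}'''
AFTER = '''server "www.example.org" {
        listen on * port 80
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
}'''

if __name__ == "__main__":
    print(check_acme(BEFORE), check_acme(AFTER))
```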
