On Mon, 5 June 2023 at 09:51, Ronald Heggenberger wrote:
>
> Well, the custom port is not for the acme-client to expose the
> http-challenge,
> but for the acme provisioner endpoint (the server creating and managing
> the certs, in
Sorry then, my bad.
--
May the most significant bit of your life
Well, the custom port is not for the acme-client to expose the
http-challenge,
but for the acme provisioner endpoint (the server creating and managing
the certs, in
that case "step-ca"), where acme-client itself requests the certificates
from.
But yeah, besides trying a pf forward for my case
On Sun, 4 June 2023 at 17:57, Ronald Heggenberger wrote:
> Well, when you run the step-ca as a non-root user (which is the default
> config for the package) you cannot use the default TLS port (443) -
> hence 8443 for the step-ca service.
Before adding parsers and whatnot to allow for non-https po
On Sun, 04 Jun 2023 18:05:19 +0200, Ronald Heggenberger wrote:
> (Since I see that there's an implementation within the acme-client code,
> which you replied -> isn't there an existing library somewhere in
> OpenBSD that can break up a URL in its compositional parts? This looks
> like acme-cli
Have you tried redirecting port 443 to port 8443 thru pf?
This way, you could even make it only redirect specific clients to
8443, and, in theory, still run a https webserver for other clients.
Cheers,
Paul 'WEiRD' de Weerd
On Sun, Jun 04, 2023 at 05:56:47PM +0200, Ronald Heggenberger wrote:
|
Hi, Todd!
Thanks for your reply.
To be honest, I've never built the kernel or world for OpenBSD... But
that would be a good start to try.
I'll spin up another VM with such an environment and will report back.
(Since I see that there's an implementation within the acme-client code,
which you
Hi, Peter!
Well, when you run the step-ca as a non-root user (which is the default
config for the package) you cannot use the default TLS port (443) -
hence 8443 for the step-ca service.
I don't want to run step-ca as root user for a couple of reasons:
- deviate from the default package confi
Can you try the following diff to acme-client that adds support for
parsing a port number after the hostname?
If we decide to go this route we may wish to support a service name
in addition to a port number and IP addresses bracketed with '[' and
']' but first things first.
- todd
Index: netproc.
On Sun, Jun 04, 2023 at 10:48:07AM +0200, Ronald Heggenberger wrote:
> Hi!
>
> (sorry for the second attempt of this message - our domain was not configured
> properly for mailing lists (dmarc reject) and I think the first attempt
> probably wasn't processed properly)
>
> I am using step-ca to