Okay, here is the working configuration:
/etc/httpd.conf
Code:
ext_addr="*"

server "domain.tld" {
    alias www.domain.tld
    listen on $ext_addr port 80

    # HTTP-01 challenge files. httpd runs chrooted to /var/www, so this
    # root is /var/www/htdocs/acme on the real filesystem, the same
    # directory acme-client.conf names as challengedir.
    location "/.well-known/acme-challenge/*" {
        root "/htdocs/acme"
        # Drop the two leading components (/.well-known/acme-challenge)
        # so a request for .../TOKEN is looked up as /htdocs/acme/TOKEN.
        # Current httpd.conf(5) spells this "request strip 2".
        root strip 2
    }
}
/etc/acme-client.conf
Code:
# $OpenBSD: acme-client.conf,v 1.4 2017/03/22 11:14:14 benno Exp $
#
authority letsencrypt {
    agreement url "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
    api url "https://acme-v01.api.letsencrypt.org/directory"
    account key "/etc/acme/letsencrypt-privkey.pem"
}

# Staging endpoint: issues untrusted test certificates without counting
# against the production rate limits. Use "sign with letsencrypt-staging"
# while testing a new setup.
authority letsencrypt-staging {
    agreement url "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
    api url "https://acme-staging.api.letsencrypt.org/directory"
    account key "/etc/acme/letsencrypt-staging-privkey.pem"
}

domain www.domain.tld {
    alternative names { domain.tld sub1.domain.tld sub2.domain.tld sub3.domain.tld }
    domain key "/etc/ssl/private/domain.tld.key"
    domain certificate "/etc/ssl/domain.tld.crt"
    domain full chain certificate "/etc/ssl/domain.tld.fullchain.pem"
    sign with letsencrypt
    # Challenge tokens are written as challengedir/<token>; this must be
    # the directory httpd serves for /.well-known/acme-challenge/.
    challengedir "/var/www/htdocs/acme"
}
ls -l /var/www/htdocs/
Code:
total 12
drwxr-xr-x 2 www www 512 Feb 23 22:42 acme
Before issuing the command

acme-client -vvAD www.domain.tld

ensure you have created subdomains with your registrar that point to your server.

NB. It DOES NOT work with httpd serving root "/var/www/acme" or root "/acme" for location "/.well-known/acme-challenge/*" for some reason. You MUST mkdir /var/www/htdocs/acme and chown -R www:www /var/www/htdocs/acme. This was tested on two different servers and both returned error 1 when using the default /acme location of /var/www/acme. I don't know why, but that's how it is.
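As an added example (not part of the post above, and not code from OpenBSD or acme-client), here is a small sh script for checking the two things that have to line up before acme-client's HTTP-01 challenge can succeed: that the directory httpd serves for /.well-known/acme-challenge/ (chroot + root, after "root strip") is the same absolute path acme-client writes challengedir/<token> into, and that the www user can actually read that directory. It uses the paths from the post and assumes httpd's default chroot of /var/www; the live probe uses OpenBSD's ftp(1) and a hostname you pass in. The offline check only tells you whether the two configurations name the same directory; the live probe against the running server is the check to run right before acme-client.

```sh
#!/bin/sh
# Added example (not from the original post): offline consistency check
# between httpd's acme-challenge location and acme-client's challengedir,
# plus a live probe for a running server. Assumption: httpd is chrooted to
# /var/www (its default), so "root" is resolved inside that chroot.

# strip_components N PATH: drop the first N components of PATH, which is
# what "root strip N" (spelled "request strip N" in current httpd.conf(5))
# does before looking the request up under the document root.
strip_components() {
    n=$1
    rest=${2#/}
    while [ "$n" -gt 0 ]; do
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        n=$((n - 1))
    done
    printf '/%s\n' "$rest"
}

# served_path CHROOT ROOT STRIP REQUEST: the real file httpd opens for
# REQUEST, i.e. CHROOT + ROOT + the stripped request path.
served_path() {
    printf '%s%s%s\n' "${1%/}" "${2%/}" "$(strip_components "$3" "$4")"
}

# acme_path CHALLENGEDIR REQUEST: the file acme-client writes for the token
# that is the last component of REQUEST (challengedir/<token>).
acme_path() {
    printf '%s/%s\n' "${1%/}" "${2##*/}"
}

# mapping_ok CHROOT ROOT STRIP CHALLENGEDIR: succeed only when httpd and
# acme-client resolve a sample token to the same absolute path.
mapping_ok() {
    req=/.well-known/acme-challenge/sample-token
    [ "$(served_path "$1" "$2" "$3" "$req")" = "$(acme_path "$4" "$req")" ]
}

# dir_ok DIR: DIR exists and httpd, running as user www, can read and
# search it: either www owns it (the chown -R www:www from the post) or
# the "other" permission bits grant r-x.
dir_ok() {
    [ -d "$1" ] || return 1
    entry=$(ls -ld "$1")
    owner=$(printf '%s\n' "$entry" | awk '{ print $3 }')
    others=$(printf '%s\n' "$entry" | cut -c8-10)
    [ "$owner" = www ] || [ "$others" = r-x ]
}

# probe_live HOST CHALLENGEDIR: the definitive check on a running server.
# Writes a throwaway token into CHALLENGEDIR (needs write access there),
# fetches it back through httpd with OpenBSD's ftp(1) and compares.
probe_live() {
    token=probe-$$
    printf 'ok\n' > "$2/$token" || return 1
    got=$(ftp -o - "http://$1/.well-known/acme-challenge/$token" 2>/dev/null) || got=
    rm -f "$2/$token"
    [ "$got" = ok ]
}

# report ROOT CHALLENGEDIR: show how one pairing resolves.
report() {
    if mapping_ok /var/www "$1" 2 "$2"; then
        verdict='same directory'
    else
        verdict="MISMATCH, httpd would serve $(served_path /var/www "$1" 2 /.well-known/acme-challenge/TOKEN)"
    fi
    printf 'root "%s" + challengedir "%s": %s\n' "$1" "$2" "$verdict"
}

if [ $# -eq 2 ]; then
    # usage: sh check-acme.sh www.domain.tld /var/www/htdocs/acme
    probe_live "$1" "$2" && echo "challenge path served by $1" || echo "challenge NOT served by $1"
else
    report /htdocs/acme  /var/www/htdocs/acme   # the post's working pair
    report /acme         /var/www/acme          # the stock example pairing
    report /var/www/acme /var/www/acme          # absolute path used as root
    dir_ok /var/www/htdocs/acme && echo 'challengedir readable by www' \
        || echo 'challengedir missing or not readable by www'
fi
```

Run it with no arguments for the offline report, or with the hostname and challengedir (as root, so the token can be written) to probe the live server. If the mapping and permissions check out but the probe still fails, the next place to look is httpd's access and error logs for the challenge request rather than the paths.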