Friday, June 02, 2017

OpenBSD 6.1 current relayd TLS error "cannot load certificates"

I'm not understanding why I'm getting a relayd error. Thanks in advance.

According to http://man.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/relayd.conf.5#listen_on, I just need address.crt and private/address.key to use tls with relayd, which you can see I do below.
So why am I getting the relayd error "cannot load certificates for relay www"?

I have included how I got the key and crt files from acme-client/Let's Encrypt in case it's relevant.


$ uname -prsv
OpenBSD 6.1 GENERIC#88 amd64

$ cat /etc/acme-client.conf
#
# $OpenBSD: acme-client.conf,v 1.4 2017/03/22 11:14:14 benno Exp $
#
authority letsencrypt {
	agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
	api url "https://acme-v01.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
	agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
	api url "https://acme-staging.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-staging-privkey.pem"
}

domain thelang.space {
	alternative names { mail.thelang.space www.thelang.space }
	domain key "/etc/ssl/private/thelang.space.key"
	domain certificate "/etc/ssl/thelang.space.crt"
	domain full chain certificate "/etc/ssl/thelang.space.fullchain.pem"
	sign with letsencrypt
	challengedir "/var/www/htdocs/.well-known/acme-challenge"
}

$ doas acme-client -vAD thelang.space
acme-client: /etc/ssl/private/thelang.space.key: domain key exists (not creating)
acme-client: /etc/acme/letsencrypt-privkey.pem: account key exists (not creating)
acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
acme-client: acme-v01.api.letsencrypt.org: DNS: 104.68.109.156
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: thelang.space
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: mail.thelang.space
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: www.thelang.space
acme-client: /var/www/htdocs/.well-known/acme-challenge/hALHIbtLAX4k274bN4AFBV0W-T08pKTqD6lBw0-CplM: created
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/mempVpv498Gw4d7Wr24qcinn5ZUfX_6IO2kQOeskf40/1271082083: challenge
acme-client: /var/www/htdocs/.well-known/acme-challenge/SMwY0p1ma9ZDQrlyM6h9BbZkEnMCKx2lW69__zcmCgI: created
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/bwNrTgnJmUIH-XqInRMDmRNgRMnXQKBUZngPi3wuHt4/1271082087: challenge
acme-client: /var/www/htdocs/.well-known/acme-challenge/wu3Zhef8NA8b9wmxHeMjXBZCg3EKGHgnM30Tx_qn1Ws: created
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/fHeHrAzF9RAXO-eJMZxfWElhkf4duUw934pUWy2gWyM/1271082092: challenge
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/mempVpv498Gw4d7Wr24qcinn5ZUfX_6IO2kQOeskf40/1271082083: status
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/bwNrTgnJmUIH-XqInRMDmRNgRMnXQKBUZngPi3wuHt4/1271082087: status
acme-client: https://acme-v01.api.letsencrypt.org/acme/challenge/fHeHrAzF9RAXO-eJMZxfWElhkf4duUw934pUWy2gWyM/1271082092: status
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-cert: certificate
acme-client: http://cert.int-x3.letsencrypt.org/: full chain
acme-client: cert.int-x3.letsencrypt.org: DNS: 165.254.42.42
acme-client: /etc/ssl/thelang.space.crt: created
acme-client: /etc/ssl/thelang.space.fullchain.pem: created

$ cat /etc/relayd.conf
table <httpd> { 127.0.0.1 }

relay www {
	listen on thelang.space port 443 tls

	forward to <httpd> check tcp port 8080
}

$ doas relayd -d
startup
/etc/relayd.conf:7: cannot load certificates for relay www
no actions, nothing to do
hce exiting, pid 2324
pfe exiting, pid 21204
ca exiting, pid 18722
ca exiting, pid 45718
ca exiting, pid 79639
relay exiting, pid 31292
relay exiting, pid 32940
relay exiting, pid 75225

$ ls /etc/ssl/thelang.space.crt
/etc/ssl/thelang.space.crt
$ doas ls /etc/ssl/private/thelang.space.key
/etc/ssl/private/thelang.space.key

- Dillon
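The following POSIX sh check is an added example; it is not part of Dillon's post and not relayd's own code. It works from what relayd.conf(5) documents for this release: the key pair for a `listen on ... tls` relay is read from /etc/ssl/address.crt and /etc/ssl/private/address.key, where address is the IP address the relay binds, so a hostname on the listen line is resolved and the files are named after the resulting address, not after the hostname. The script extracts the listen address from a relayd.conf, resolves it, reports the two paths relayd will open, and optionally links acme-client's output to them. Assumptions: the `RESOLVE_MAP` variable is a constructed stand-in for DNS so the script runs offline, 203.0.113.10 is an RFC 5737 placeholder and not the poster's real address, and the root-directory argument is a staging convenience for testing, not a relayd option.

```shell
#!/bin/sh
# Added example, not from the original post or from relayd.
# relayd.conf(5): a "listen on ... tls" relay loads /etc/ssl/<address>.crt and
# /etc/ssl/private/<address>.key, <address> being the IP the relay binds.
# Assumptions: RESOLVE_MAP ("name=ip" pairs) is a constructed offline stand-in
# for DNS; 203.0.113.10 is an RFC 5737 placeholder; the ROOT argument is a
# staging-tree convenience, not a relayd option.

# Return 0 if $1 is a dotted-quad IPv4 literal, 1 otherwise.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s\n' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the address of the first "listen on <addr> ... tls" line in conf $1.
listen_tls_addr() {
    awk '$1 == "listen" && $2 == "on" {
             for (i = 4; i <= NF; i++) if ($i == "tls") { print $3; exit }
         }' "$1"
}

# Resolve listen address $1 to the IP relayd binds: IP literals pass through,
# names are looked up in RESOLVE_MAP first, then via getent(1).
resolve_listen() {
    if is_ipv4 "$1"; then
        printf '%s\n' "$1"
        return 0
    fi
    for pair in ${RESOLVE_MAP:-}; do
        case "$pair" in
            "$1="*) printf '%s\n' "${pair#*=}"; return 0 ;;
        esac
    done
    getent hosts "$1" | awk '{ print $1; exit }' | grep .
}

# Check conf $1 under filesystem root $2 (default: /). Exit status:
# 0 both files present, 1 a file is missing, 2 no usable listen address.
check_relay_certs() {
    conf=$1
    root=${2:-}
    addr=$(listen_tls_addr "$conf") || return 2
    [ -n "$addr" ] || { echo "no 'listen on ... tls' relay in $conf"; return 2; }
    ip=$(resolve_listen "$addr") || { echo "cannot resolve $addr"; return 2; }
    if ! is_ipv4 "$addr"; then
        echo "note: '$addr' is a hostname; relayd opens files named after $ip"
    fi
    rc=0
    for f in "$root/etc/ssl/$ip.crt" "$root/etc/ssl/private/$ip.key"; do
        if [ -f "$f" ]; then
            echo "ok:      $f"
        else
            echo "MISSING: $f"
            rc=1
        fi
    done
    return $rc
}

# Link acme-client's output ($1 = full chain PEM, $2 = domain key) to the
# IP-named paths for $3 under root $4. The full chain is used as the .crt so
# clients also receive the intermediate; symlinks keep renewals in sync.
install_relay_certs() {
    fullchain=$1
    key=$2
    ip=$3
    root=${4:-}
    mkdir -p "$root/etc/ssl/private" || return 1
    ln -sf "$fullchain" "$root/etc/ssl/$ip.crt" || return 1
    ln -sf "$key" "$root/etc/ssl/private/$ip.key" || return 1
}

# Demo on a constructed staging tree mirroring the post:  sh check_relayd_tls.sh demo
demo() {
    t=$(mktemp -d) || exit 1
    mkdir -p "$t/etc/ssl/private"
    printf 'table <httpd> { 127.0.0.1 }\n\nrelay www {\n\tlisten on thelang.space port 443 tls\n\n\tforward to <httpd> check tcp port 8080\n}\n' > "$t/etc/relayd.conf"
    echo "constructed cert" > "$t/etc/ssl/thelang.space.fullchain.pem"
    echo "constructed key" > "$t/etc/ssl/private/thelang.space.key"
    RESOLVE_MAP="thelang.space=203.0.113.10"
    check_relay_certs "$t/etc/relayd.conf" "$t"      # both files reported MISSING
    install_relay_certs "$t/etc/ssl/thelang.space.fullchain.pem" \
        "$t/etc/ssl/private/thelang.space.key" 203.0.113.10 "$t"
    check_relay_certs "$t/etc/relayd.conf" "$t"      # both files now ok
    rm -rf "$t"
}

case "${1:-}" in demo) demo ;; esac
```

Run it as `sh check_relayd_tls.sh demo` to see the before/after report on a throwaway tree, or call `check_relay_certs /etc/relayd.conf` directly on the host. After the files are in place, `doas relayd -n` re-parses the configuration, which is the step at which the "cannot load certificates" error is raised, so it confirms the fix without starting the daemon.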
