I also had to remove /etc/acme/letsencrypt-privkey.pem and re-do the process.
Just updating link to pdf not helped out.
> 2 feb. 2018 kl. 05:01 skrev Predrag Punosevac <punosevac72@gmail.com>:
>
> Jordan Geoghegan <jgeoghegan60@gmail.com> wrote:
>
>> Hi,
>>
>> I recently dealt with this issue as well and the solution was quite
>> silly. The problem is that acme-client is failing due to the agreement
>> url being out of date; there is a new agreement v1.2. acme-client has
>> been patched in current I believe to fix this issue and automatically
>> update the agreement url. For now, just change your config to list the
>> latest agreement url:
>> "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
>>
>> Hope this helps,
>>
>> Jordan
>
> Thank you so much for this prompt replay. I already signed certificate
> using certbot as we were hitting deadline. However, this is going to be
> very useful going forward with renewals.
>
> Best,
> Predrag
>
>>
>>
>>
>>
>> On 02/01/18 17:16, Predrag Punosevac wrote:
>>> Hi Misc,
>>>
>>> I have done this half dozen times in the past but I am having helluva
>>> time using acme-client to sign certificate for a domain. Any clues?
>>> Please see below machine, acme-client.conf and httpd.conf files
>>>
>>> # uname -a
>>> OpenBSD mcba.autonlab.org 6.2 GENERIC.MP#2 amd64
>>>
>>> # more /etc/acme-client.conf
>>>
>>> #
>>> # $OpenBSD: acme-client.conf,v 1.4 2017/03/22 11:14:14 benno Exp $
>>> #
>>> authority letsencrypt {
>>> agreement url
>>> "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
>>> api url "https://acme-v01.api.letsencrypt.org/directory"
>>> account key "/etc/acme/letsencrypt-privkey.pem"
>>> }
>>>
>>> authority letsencrypt-staging {
>>> agreement url
>>> "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
>>> api url "https://acme-staging.api.letsencrypt.org/directory"
>>> account key "/etc/acme/letsencrypt-staging-privkey.pem"
>>> }
>>>
>>> domain mcba.autonlab.org {
>>> # alternative names { secure.mcba.autonlab.org }
>>> domain key "/etc/ssl/acme/private/mcba.autonlab.org.key"
>>> domain certificate "/etc/ssl/acme/mcba.autonlab.org.crt"
>>> domain full chain certificate
>>> "/etc/ssl/acme/mcba.autonlab.org.fullchain.pem"
>>> sign with letsencrypt
>>> }
>>>
>>>
>>>
>>> # more /etc/httpd.conf
>>>
>>> # $OpenBSD: httpd.conf,v 1.17 2017/04/16 08:50:49 ajacoutot Exp $
>>>
>>> #
>>> # Macros
>>> #
>>> ext_addr="*"
>>>
>>> #
>>> # Global Options
>>> #
>>> # prefork 3
>>>
>>> #
>>> # Servers
>>> #
>>>
>>> # A name-based "virtual" server on the same address
>>> # server "mcba.autonlab.org" {
>>> server "mcba.autonlab.org" {
>>> listen on $ext_addr port 80
>>>
>>> location "/.well-known/acme-challenge/*" {
>>> root "/acme"
>>> root strip 2
>>> }
>>> # block return 301 "https://$SERVER_NAME$REQUEST_URI"
>>> }
>>>
>>> # An HTTPS server using SSL/TLS
>>> # server "mcba.autonlab.org" {
>>> # listen on $ext_addr tls port 443
>>>
>>> # TLS certificate and key files created with acme-client(1)
>>> # tls certificate "/etc/ssl/acme/www.autonsys.com.fullchain.pem"
>>> # tls key "/etc/ssl/acme/private/www.autonsys.com.key"
>>>
>>> # Define server-specific log files relative to /logs
>>> # log { access "secure-access.log", error "secure-error.log" }
>>>
>>> # Increase connection limits to extend the lifetime
>>> # connection { max requests 500, timeout 3600 }
>>>
>>> # root "/htdocs/mcba/pub"
>>> #}
>>>
>>>
>>> # Include MIME types instead of the built-in ones
>>> types {
>>> include "/usr/share/misc/mime.types"
>>> }
>>>
>>>
>>>
>>> # acme-client -vAD mcba.autonlab.org
>>> acme-client: /etc/acme/letsencrypt-privkey.pem: account key exists (not creating)
>>> acme-client: /etc/ssl/acme/private/mcba.autonlab.org.key: generated RSA domain key
>>> acme-client: https://acme-v01.api.letsencrypt.org/directory: directories
>>> acme-client: acme-v01.api.letsencrypt.org: DNS: 23.196.58.251
>>> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: req-auth: mcba.autonlab.org
>>> acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 403
>>> acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized",
>>> "detail": "No registration exists matching provided key", "status": 403
>>> }] (120 bytes)
>>> acme-client: bad exit: netproc(58513): 1
>>>
>>>
>
No comments:
Post a Comment