
Enable HTTPS with acme-client(1) and Let’s Encrypt on OpenBSD —... https://www.romanzolotarev.com/openbsd/acme-client.html

Tested on OpenBSD 6.6-beta

Enable HTTPS with acme-client(1) and Let’s Encrypt on OpenBSD
Configure httpd(8).

To use Let’s Encrypt as a certificate authority for TLS encryption, add or update the CAA records for your domain.

To configure acme-client(1), add these sections to :

Create directories:

mkdir -p -m 700 /etc/ssl/private


mkdir -p -m 755 /var/www/acme


Update to handle verification requests from Let’s Encrypt. It should look like this:

Check this configuration and restart :

httpd -n

rcctl restart httpd

Let’s run to create new account and domain keys.

acme-client -v www.example.com

To renew certificates automatically, edit the current crontab:

crontab -e

Append this line:

Save and exit:
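
An added example, not from the original page: a wrapper script that a crontab entry could call for the renewal step. It relies on the acme-client(1) exit statuses (0 certificate changed, 2 up to date, 1 failure) and only restarts httpd after `httpd -n` passes; the function name `renew_cert` and the three override variables are assumptions made for this example.

```sh
#!/bin/sh
# Added example: renewal wrapper for cron. Not part of the original page.
# The three commands are overridable (an assumption of this example) so the
# logic can be exercised without contacting the CA or touching httpd.
: "${ACME_CLIENT:=acme-client}"
: "${HTTPD_CHECK:=httpd -n}"
: "${HTTPD_RESTART:=rcctl restart httpd}"

# renew_cert DOMAIN
# Returns 0 if the certificate changed and httpd was restarted,
#         2 if the certificate is still valid and nothing was done,
#         1 on any failure (message on stderr, so cron mails it).
renew_cert() {
    domain=$1
    [ -n "$domain" ] || { echo "usage: renew_cert domain" >&2; return 1; }

    # acme-client(1) exits 0 when the certificate changed, 2 when it is
    # up to date, and 1 on failure.
    status=0
    $ACME_CLIENT "$domain" || status=$?

    case $status in
    0)
        # Variables are left unquoted on purpose so "httpd -n" splits into words.
        # Never restart onto a configuration that fails the syntax check.
        if ! $HTTPD_CHECK >/dev/null 2>&1; then
            echo "renewed $domain, but httpd -n failed; not restarting" >&2
            return 1
        fi
        $HTTPD_RESTART >/dev/null || {
            echo "renewed $domain, but restarting httpd failed" >&2
            return 1
        }
        return 0 ;;
    2)
        return 2 ;;
    *)
        echo "acme-client failed for $domain (exit $status)" >&2
        return 1 ;;
    esac
}

# Run only when a domain is passed on the command line.
[ "$#" -eq 0 ] || renew_cert "$1"
```

Saved as a script, it can be called from the crontab entry with the domain as its only argument.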


Enable HTTPS and restart the daemon


Now we have the new certificate and domain key, so we can re-configure
to handle HTTPS requests. Add two server sections to
for TLS. The result should look like this:


Test this configuration and restart :

httpd -n

rcctl restart httpd

To verify your setup, run the SSL server test.

Congratulations! Your website and its visitors are now secured.

Add domains
Back up and remove the certificate:

mv /etc/ssl/www.example.com.crt /etc/ssl/www.example.com.crt.bak

Add a new alternative name to :

Add a new server section to . Use the same certificate and key.


Request a new certificate with the new alternative in it. Verify and restart :

acme-client -vF www.example.com

httpd -n

rcctl restart httpd

© 2008–2019 Roman Zolotarev