Creating a new cert on openbsd

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: hunterxbry.com

I ran this command: acme-client -vvv -f /etc/acme-client.conf hunterxbry.com

It produced this output:

root@arpsie: /home/forgotten

acme-client -vvv -f /etc/acme-client.conf hunterxbry.com

acme-client: /etc/acme/letsencrypt-privkey.pem: loaded account key
acme-client: /etc/ssl/private/hunterxbry.com.key: loaded domain key
acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
acme-client: transfer buffer: [{ “_uddy-Ky7XI”: “Adding random entries to the directory”, “keyChange”: “https://acm
e-v02.api.letsencrypt.org/acme/key-change”, “meta”: { “caaIdentities”: [ “letsencrypt.org” ], “termsOfService”: “https://letsencrypt.org/documents/LE-SA-v1.2
-November-15-2017.pdf”, “website”: “https://letsencrypt.org” }, “newAccount”: “https://acme-v02.api.letsencrypt.org/acme/new-acct”, “newNonce”: “https://acme
-v02.api.letsencrypt.org/acme/new-nonce”, “newOrder”: “https://acme-v02.api.letsencrypt.org/acme/new-order”, “revokeCert”: “https://acme-v02.api.letsencrypt.
org/acme/revoke-cert” }] (658 bytes)
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: transfer buffer: [{ “key”: { “kty”: “RSA”, “n”: “seFJM9gCGa1D0K8Q2fMEKZl9uQYDN2Mru7nNQiLq6WgQLIyh8CMo5O0fLjXoLKlExmTnOzmPheBXu6lcHOXJPOYeUWUwij5
cHE_HRTp76XeaEG41mvpAonvWFqoIs1e-Fd5n0xiRyn4Ml8gE5dHDJBssI-3q5crZjFsS7XwsgWkYBjFMQxCt5WQqIBtdLrBtTOP5dfPu0Jw0Q5aUCeYaCwgTATR-SNwg8MKIf1FCQtcaRnI33Knc8DugzPKj
iFjlfORMqH0JGhq5G2pWFhtSKSk89XKG1qSUfxaVwtLFOkL9x-NtA_GmaDIwokXi2TPhFWS6kgYNOXn7HwD5nOetoxjmK4lyFDvAcn99wlr_d5NRimTg1CgTCeuqmkVNyLRhBKY5NBc35R20RsCGWT0Gsk74Y
aN1BdrZjb1KGOVV6dDOoYVTyH4HcbGnbrMrG5_4cfZ2rP_k1PQH8m_S5LEVdW0YzAv5o4VJFhZPqOLzX_lDM33-IRgKFTF108TYpgIml9KXHPe91Hex3x5oIyIciiTCIAkzRgyJnf9vXwGfQ4emcupAyW0FzC
kfne_eGYyQYzdwMXB8nR5zLecfULjkEGJLXca2NV4vVBerYNUeZj4HeDdTekAbDTgy_n-BH3RkGIDBuz-y-rWQD8th7Jr8JOhocvm5zgnECHW8V70rYK8”, “e”: “AQAB” }, “contact”: , “initia
lIp”: “174.136.98.210”, “createdAt”: “2017-09-30T18:28:08Z”, “status”: “valid” }] (858 bytes)
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: transfer buffer: [{ “status”: “pending”, “expires”: “2020-07-23T00:13:40.30102924Z”, “identifiers”: [ { “type”: “dns”, “value”: “hunterxbry.com”
}, { “type”: “dns”, “value”: “www.hunterxbry.com” } ], “authorizations”: [ “https://acme-v02.api.letsencrypt.org/acme/authz-v3/5877039683”, “https://acme-v0
2.api.letsencrypt.org/acme/authz-v3/5906223810” ], “finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/22027830/4224394717” }] (482 bytes)
acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5877039683
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: transfer buffer: [{ “identifier”: { “type”: “dns”, “value”: “hunterxbry.com” }, “status”: “valid”, “expires”: “2020-08-13T14:09:42Z”, “challenge
s”: [ { “type”: “http-01”, “status”: “valid”, “url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/5877039683/g8pzCQ”, “token”: “Qdb8rioM-JH42xwkaUN3Mg
ths3Ey6Ihrs7qVLPk8SmU”, “validationRecord”: [ { “url”: “http://hunterxbry.com/.well-known/acme-challenge/Qdb8rioM-JH42xwkaUN3Mgths3Ey6Ihrs7qVLPk8SmU”, “hostn
ame”: “hunterxbry.com”, “port”: “80”, “addressesResolved”: [ “174.136.98.214” ], “addressUsed”: “174.136.98.214” } ] } ] }] (714 bytes)
acme-client: challenge, token: Qdb8rioM-JH42xwkaUN3Mgths3Ey6Ihrs7qVLPk8SmU, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/5877039683/g8pzCQ, status
: 2
acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/5906223810
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: transfer buffer: [{ “identifier”: { “type”: “dns”, “value”: “www.hunterxbry.com” }, “status”: “pending”, “expires”: “2020-07-23T00:13:40Z”, “cha
llenges”: [ { “type”: “http-01”, “status”: “pending”, “url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/5906223810/TXzy0w”, “token”: “258nBfWfQ-5Vbs
HOgGUktGuiUDDK7vGwa4hO2DB0tnM” }, { “type”: “dns-01”, “status”: “pending”, “url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/5906223810/olJ7-A”, “to
ken”: “258nBfWfQ-5VbsHOgGUktGuiUDDK7vGwa4hO2DB0tnM” }, { “type”: “tls-alpn-01”, “status”: “pending”, “url”: “https://acme-v02.api.letsencrypt.org/acme/chall-
v3/5906223810/-qWo4A”, “token”: “258nBfWfQ-5VbsHOgGUktGuiUDDK7vGwa4hO2DB0tnM” } ] }] (796 bytes)
acme-client: challenge, token: 258nBfWfQ-5VbsHOgGUktGuiUDDK7vGwa4hO2DB0tnM, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/5906223810/TXzy0w, status
: 0
acme-client: /var/www/acme/258nBfWfQ-5VbsHOgGUktGuiUDDK7vGwa4hO2DB0tnM: created
acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/5906223810/TXzy0w: challenge
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: transfer buffer: [{ “type”: “http-01”, “status”: “pending”, “url”: “https://acme-v02.api.letsencrypt.org/acme/chall-v3/5906223810/TXzy0w”, “toke
n”: “258nBfWfQ-5VbsHOgGUktGuiUDDK7vGwa4hO2DB0tnM” }] (185 bytes)
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: acme-v02.api.letsencrypt.org: cached
acme-client: transfer buffer: [{ “status”: “invalid”, “expires”: “2020-07-23T00:13:40Z”, “identifiers”: [ { “type”: “dns”, “value”: “hunterxbry.com” }, { “ty
pe”: “dns”, “value”: “www.hunterxbry.com” } ], “authorizations”: [ “https://acme-v02.api.letsencrypt.org/acme/authz-v3/5877039683”, “https://acme-v02.api.let
sencrypt.org/acme/authz-v3/5906223810” ], “finalize”: “https://acme-v02.api.letsencrypt.org/acme/finalize/22027830/4224394717” }] (473 bytes)
acme-client: order.status -1
acme-client: bad exit: netproc(44293): 1

My web server is (include version): OpenBSD 6.7 - httpd(8)

The operating system my web server runs on is (include version): OpenBSD 6.7

My hosting provider, if applicable, is: Arpnetworks, but is my own VPS.

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): acme-client-0.1.16p2.tgz

ANY help with this is greatly appreciated. I have 4 other domains on this server that all work fine, I just renewed two of them this morning after attempting this domain again just to make sure the whole thing wasn’t broken. Other sites worked fine. I can’t show you my /etc/acme-client.conf as well:

cat /etc/acme-client.conf

    authority letsencrypt {
            api url "https://acme-v02.api.letsencrypt.org/directory"
            account key "/etc/acme/letsencrypt-privkey.pem"
    }

    authority letsencrypt-staging {
            api url "https://acme-staging-v02.api.letsencrypt.org/directory"
            account key "/etc/acme/letsencrypt-staging-privkey.pem"
    }

    domain wyliebayes.com {
            alternative names { www.wyliebayes.com }
            domain key "/etc/ssl/private/wyliebayes.com.key"
            domain certificate "/etc/ssl/wyliebayes.com.crt"
            domain full chain certificate "/etc/ssl/wyliebayes.com.fullchain.pem"
            sign with letsencrypt
            challengedir "/var/www/acme"
    }

    domain wmfb.co {
            alternative names { www.wmfb.co }
            domain key "/etc/ssl/private/wmfb.co.key"
            domain certificate "/etc/ssl/wmfb.co.crt"
            domain full chain certificate "/etc/ssl/wmfb.co.fullchain.pem"
            sign with letsencrypt
            challengedir "/var/www/acme"
    }

    domain nadasound.com {
            alternative names { www.nadasound.com }
            domain key "/etc/ssl/private/nadasound.com.key"
            domain certificate "/etc/ssl/nadasound.com.crt"
            domain full chain certificate "/etc/ssl/nadasound.com.fullchain.pem"
            sign with letsencrypt
            challengedir "/var/www/acme"
    }

    domain rootgoat2020.com {
            alternative names { www.rootgoat2020.com }
            domain key "/etc/ssl/private/rootgoat2020.com.key"
            domain certificate "/etc/ssl/rootgoat20202.com.crt"
            domain full chain certificate "/etc/ssl/rootgoat2020.com.fullchain.pem"
            sign with letsencrypt
            challengedir "/var/www/acme"
    }

    domain hackersnhops.com {
            alternative names { www.hackersnhops.com }
            domain key "/etc/ssl/private/hackersnhops.com.key"
            domain certificate "/etc/ssl/hackersnhops.com.crt"
            domain full chain certificate "/etc/ssl/hackersnhops.com.fullchain.pem"
            sign with letsencrypt
            challengedir "/var/www/acme"
    }

    domain hunterxbry.com {
            alternative names { www.hunterxbry.com }
            domain key "/etc/ssl/private/hunterxbry.com.key"
            domain certificate "/etc/ssl/hunterxbry.com.crt"
            domain full chain certificate "/etc/ssl/hunterxbry.com.fullchain.pem"
            sign with letsencrypt
            challengedir "/var/www/acme"
    }

httpd.conf entry:

    server "hunterxbry.com" {
            listen on 174.136.98.214 port 80
            listen on 174.136.98.214 port 443
            log syslog
            location "/.well-known/acme-challenge/*" {
                    root "/acme"
                    request strip 2
            }

            # This is commented out on purpose. After cert is created I send to relayd / node application.
            # block return 301 "https://$SERVER_NAME$REQUEST_URI"
    }

Looking at https://acme-v02.api.letsencrypt.org/acme/authz-v3/5906223810, it looks like your www.hunterxbry.com subdomain doesn’t have a DNS record.

Your base domain seems fine; its authorization succeeded.

2 Likes
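The diagnosis in the reply above can be turned into a pre-flight check: every name in a `domain` block (including its `alternative names`) becomes an identifier in the same order, and in the log the order ended up `invalid` while only the apex authorization was `valid`. The following is an added example, not code from the thread or from acme-client; `names_in_block`, `preflight`, `SAMPLE_CONF` and `SAMPLE_DNS` are hypothetical names, and the DNS table is constructed to mirror the situation described.

```python
import re
import socket

# Constructed sample: the hunterxbry.com block from the post, in acme-client.conf syntax.
SAMPLE_CONF = """
domain hunterxbry.com {
	alternative names { www.hunterxbry.com }
	domain key "/etc/ssl/private/hunterxbry.com.key"
	sign with letsencrypt
}
"""
# Constructed resolver table mirroring the thread: apex has an A record, www has none.
SAMPLE_DNS = {"hunterxbry.com": {"174.136.98.214"}}

def names_in_block(conf_text, domain):
    """Return the domain plus every entry of its 'alternative names { ... }' list."""
    tok = re.findall(r'[{}]|"[^"]*"|[^\s{}]+', re.sub(r"#.*", "", conf_text))
    for i in range(len(tok) - 2):
        if tok[i:i + 3] == ["domain", domain, "{"]:
            names, j = [domain], i + 3
            while j < len(tok) and tok[j] != "}":          # until the block closes
                if tok[j:j + 3] == ["alternative", "names", "{"]:
                    j += 3
                    while j < len(tok) and tok[j] != "}":  # names inside the list
                        names.append(tok[j])
                        j += 1
                j += 1
            return names
    raise KeyError(f"no domain block for {domain}")

def system_resolver(name):
    """A/AAAA lookup via the OS resolver; empty set when the name has no record."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, 80, proto=socket.IPPROTO_TCP)}
    except socket.gaierror:
        return set()

def preflight(conf_text, domain, server_addrs, resolve=system_resolver):
    """Classify each name: 'ok', 'no-record', or 'elsewhere' (resolves to another host)."""
    report = {}
    for name in names_in_block(conf_text, domain):
        addrs = resolve(name)
        report[name] = ("no-record" if not addrs
                        else "ok" if addrs & set(server_addrs) else "elsewhere")
    return report

if __name__ == "__main__":  # offline demo; omit resolve= to query real DNS
    print(preflight(SAMPLE_CONF, "hunterxbry.com", {"174.136.98.214"},
                    resolve=lambda n: SAMPLE_DNS.get(n, set())))
```

Any name reported as `no-record` or `elsewhere` should be fixed in DNS, or removed from `alternative names`, before requesting the certificate.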
