Greetings! This is a quick piece on where to get a client for Let's Encrypt on OpenBSD 6.0.
I had to tackle this today and wanted to capture as much as I remember to make it useful. This is what I remember:
EDIT: I had to change the prompts for the commands listed because pound char is a tag
Getting the Client:
We are going to install a package from the OpenBSD repository in Boulder, CO
1.) From the shell as root: you have to set your PKG_PATH
- export PKG_PATH=http://ftp3.usa.openbsd.org/pub/OpenBSD/6.0/packages/amd64
(replace with your architecture)
2.) Make sure it can connect to the repository
- pkg_info rt
If it returns with something useful - great - it works.
3.) Now we install the Let's Encrypt client
- pkg_add certbot
This will add a handful of additional programs
4.) Next we need to get our cert going for our webserver
PLEASE NOTE - I use Reyk Floeter’s excellent -httpd- server in the base package of OpenBSD. In the past I’ve used both Apache and NGINX when OpenBSD included them in the base package. Following OpenBSD through web servers was a big jump I made years ago and I’m happy I did - ok enough about me
We need to edit your /etc/httpd.conf file with nano or vi
- nano /etc/httpd.conf
Change/Add these lines:
server "example.com" {
    listen on * tls port 443
    tls certificate "/etc/letsencrypt/live/example.com/fullchain.pem"
    tls key "/etc/letsencrypt/live/example.com/privkey.pem"
    root "/htdocs"
}
Don’t forget to save (ctrl-o in nano) (:wq in vi)
5.) We are ready to request our certificate.
First we stop the webserver because the script will fail due to port 443 being used
- /etc/rc.d/httpd stop
Next we request our cert from Let's Encrypt
- certbot certonly -d example.com
With a little luck - it should come back with some success.
The keys should be in place but we’ll look to be sure (you are logged in as root, aren’t you?)
- ls -l /etc/letsencrypt/live
You should see a folder with the domain name example.com - that’s good enough
Out of habit I always check the webserver config before starting
- httpd -n
Lastly, restart the webserver
- /etc/rc.d/httpd start
If it starts - then go to another browser or tab and navigate to https://example.com
I hope this works for you.
We’ll see how my renewing cron job works - I may post an update one day.
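The step 5 sequence above, wrapped as an added example (not part of the original post) so that httpd is started again even when certbot fails, and the two files named in httpd.conf are checked before the restart. The variable names, function names and return codes are assumptions made for this example; the paths and commands are the ones used in the post.

```shell
#!/bin/sh
# Added example, not from the original post. Command paths are variables
# (an assumption of this example) so the sequence can be dry-run with stubs.
HTTPD_RC=${HTTPD_RC:-/etc/rc.d/httpd}
HTTPD_BIN=${HTTPD_BIN:-httpd}
CERTBOT=${CERTBOT:-certbot}
LIVE_DIR=${LIVE_DIR:-/etc/letsencrypt/live}

# Confirm both files referenced in httpd.conf exist, are non-empty and are PEM.
check_live() {
    d="$LIVE_DIR/$1"
    [ -s "$d/fullchain.pem" ] && [ -s "$d/privkey.pem" ] || {
        echo "missing fullchain.pem or privkey.pem in $d" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$d/fullchain.pem" || {
        echo "$d/fullchain.pem is not a PEM certificate" >&2; return 1; }
    grep -q -- 'PRIVATE KEY-----' "$d/privkey.pem" || {
        echo "$d/privkey.pem is not a PEM private key" >&2; return 1; }
}

# Returns 0 on success, 2 if certbot failed, 3 if the files are missing or
# malformed, 4 if httpd did not start, 5 if "httpd -n" rejected the config.
issue_cert() {
    domain=$1
    rc=0
    # Free port 443 for certbot, as in the post.
    "$HTTPD_RC" stop || echo "httpd stop reported an error (was it running?)" >&2
    if "$CERTBOT" certonly -d "$domain"; then
        check_live "$domain" || rc=3
    else
        echo "certbot failed for $domain" >&2
        rc=2
    fi
    # Always try to bring the web server back, whatever certbot did.
    if "$HTTPD_BIN" -n; then
        "$HTTPD_RC" start || rc=4
    else
        echo "httpd -n rejected the config; httpd left stopped" >&2
        rc=5
    fi
    return $rc
}
```

Source the file as root and run `issue_cert example.com`; a non-zero return tells you which stage to look at.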