Support for OpenBSD 6.4 ended in October of 2019 (almost two years ago).
Is there a reason that hasn't been updated?
[I only bring that up because I'm paranoid about security - LOL]

My practice on OS upgrades is always to install on a clean disk and then
copy over user files. However, this system is a RAID blade server on which
this procedure is impractical, so I'm planning not to upgrade as long as the
hardware lasts. The server doesn't do much -- it holds a lot of file
archives, is a very low-traffic MTA, and (if I can get letsencrypt working)
will serve as a home task organizer for 3 people -- and while I'm reasonably
security-conscious, given the combination of low traffic, limited services
(ssh, smtp, imap, and the single-function https server) and OpenBSD's good
security record, I'm not too concerned. In fact, the only reason I want to
upgrade my home gateway, which runs OpenBSD 5.5, is that its sendmail
installation crashes on certain bad messages and its DNS server doesn't
implement some newer protocol and therefore has a lot of transitory
failures.

Are you expert with OpenBSD? I struggled literally for months trying to get
smtpd configured to replace sendmail on my gateway, and finally gave up.
Exhaustion from that struggle is the only thing keeping me from upgrading
the gateway, and I could happily go for the most recent OpenBSD release.

In any case, you should be able to use certbot to obtain and renew the cert
(with SAN entry) you need.
See installation instructions: Certbot - Opbsd6 Other (eff.org)

My impression was that certbot requires a fully functional Web server
listening on port 80, which is one of the things I really want to avoid.
Did I misunderstand?

Thanks -
aeadmin