author Dante Catalfamo 2020-06-17 17:00:25 -0400
committer Dante Catalfamo 2020-06-17 17:00:25 -0400
commit 81429bfe92bbbbff1a5dae66db0bdb652143b439 (patch)
tree 308f4ce59b345753578f0e51840e4bb9afa5ed3a /content/posts/letsencrypt-on-openbsd.org
parent 1cf68a1fe15e3a4b4bcb750721292ccbc42cc890 (diff)
Add image to openbsd letsencrypt post
Diffstat (limited to 'content/posts/letsencrypt-on-openbsd.org')
-rw-r--r-- content/posts/letsencrypt-on-openbsd.org 118
1 files changed, 0 insertions, 118 deletions
diff --git a/content/posts/letsencrypt-on-openbsd.org b/content/posts/letsencrypt-on-openbsd.org
deleted file mode 100644
index 155042e..0000000
--- a/content/posts/letsencrypt-on-openbsd.org
+++ /dev/null
@@ -1,118 +0,0 @@
-#+TITLE: Let's Encrypt on OpenBSD
-#+DATE: 2020-06-16T22:56:27-04:00
-#+DRAFT: false
-#+DESCRIPTION: Setting up acme-client on OpenBSD
-#+TAGS[]: openbsd httpd letsencrypt acme-client
-#+KEYWORDS[]: openbsd httpd letsencrypt acme-client
-#+SLUG:
-#+SUMMARY:
-
-So I have an OpenBSD server serving a static website using
-=httpd=. I've been thinking for a while I should add an SSL
-certificate, but never got around to it because it was just a small
-hobby website and it didn't require any real attention.
-
-Today while watching one of the OpenBSD tutorials at BSDCan, I thought
-it was finally time. Since configuring everything else in OpenBSD is
-so easy, this must be easy too, right?
-
-These were the only changes I had to make to my =httpd.conf= to get
-=acme-client= to work. This is described in the =acme-client= man
-page.
-#+BEGIN_SRC diff
---- httpd.conf
-+++ httpd.conf.new
-@@ -1,4 +1,19 @@
- server "lambda.cx" {
- listen on * port 80
- root "/htdocs/lambda.cx"
-+ location "/.well-known/acme-challenge/*" {
-+ root "/acme"
-+ request strip 2
-+ }
-+}
-#+END_SRC
-
-After that, I reloaded =httpd= with ~rcctl reload httpd~
-
-I then copies the example config from =/etc/examples/acme-client.conf=
-to =/etc/acme-client=. This is what the modifications to the example I
-made look like.
-
-#+BEGIN_SRC diff
---- acme-client.conf
-+++ acme-client.conf.new
-@@ -1,19 +1,19 @@
- #
- # $OpenBSD: acme-client.conf,v 1.2 2019/06/07 08:08:30 florian Exp $
- #
- authority letsencrypt {
- api url "https://acme-v02.api.letsencrypt.org/directory"
- account key "/etc/acme/letsencrypt-privkey.pem"
- }
-
- authority letsencrypt-staging {
- api url "https://acme-staging-v02.api.letsencrypt.org/directory"
- account key "/etc/acme/letsencrypt-staging-privkey.pem"
- }
-
--domain example.com {
-- alternative names { secure.example.com }
-- domain key "/etc/ssl/private/example.com.key"
-- domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
-+domain lambda.cx {
-+ # alternative names { www.lambda.cx }
-+ domain key "/etc/ssl/private/lambda.cx.key"
-+ domain full chain certificate "/etc/ssl/lambda.cx.fullchain.pem"
- sign with letsencrypt
- }
-#+END_SRC
-
-It's a pretty small change. I have the alternative name line commented
-out because I only have =lambda.cx= pointing at my server and not
-=www.lambda.cx=. Although if I did I would un-comment it. I could also
-add sub-domains like =sub.lambda.cx= in that area separated by a
-space.
-
-After that I just had to run ~acme-client -v lambda.cx~ (-v for
-verbosity) and it generated the certificates.
-
-Then I added a =crontab= entry (using =crontab -e=) to run once a day
-at a random time and reload =httpd=.
-
-#+BEGIN_SRC
-~ ~ * * * acme-client lambda.cx && rcctl reload httpd
-#+END_SRC
-
-Finally to use the new certificates I added the following lines to my
-=httpd.conf=.
-
-#+BEGIN_SRC diff
---- httpd.conf
-+++ httpd.conf.new
-@@ -1,8 +1,21 @@
- server "lambda.cx" {
- listen on * port 80
- root "/htdocs/lambda.cx"
- location "/.well-known/acme-challenge/*" {
- root "/acme"
- request strip 2
- }
- }
-+
-+server "lambda.cx" {
-+ listen on * tls port 443
-+ tls {
-+ certificate "/etc/ssl/lambda.cx.fullchain.pem"
-+ key "/etc/ssl/private/lambda.cx.key"
-+ }
-+ root "/htdocs/lambda.cx"
-+ location "/.well-known/acme-challenge/*" {
-+ root "/acme"
-+ request strip 2
-+ }
-+}
-#+END_SRC
-
-I reloaded httpd with ~rcctl reload httpd~ and that was it, working
-certificate!
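Review bot: the commit message says "Add image to openbsd letsencrypt post", but the only change visible under this path is the deletion of the entire post (118 deletions, 0 insertions). Since the diffstat is limited to content/posts/letsencrypt-on-openbsd.org, the content was presumably moved elsewhere to sit beside the image; the commit message should say so ("move post into a bundle and add image", or similar) so the deletion is not read as dropping the article. If the text is being touched again anyway, two defects in the deleted body are worth carrying over to wherever it now lives: "I then copies the example config from =/etc/examples/acme-client.conf= to =/etc/acme-client=" has a typo ("copies" for "copied") and the destination file is /etc/acme-client.conf, the path acme-client reads by default, not /etc/acme-client. Also, the final httpd.conf diff adds a second server "lambda.cx" block on tls port 443 while leaving the port 80 block serving the full site from "/htdocs/lambda.cx"; readers following the post will end up with the site reachable over both plain HTTP and HTTPS. A sentence noting that the port 80 block only needs the acme-challenge location once TLS works, with everything else redirected to https, would make the result more useful. Lastly, the hunk headers inside the embedded diffs (e.g. "@@ -1,4 +1,19 @@" and "@@ -1,8 +1,21 @@") do not match the number of lines actually shown and the first httpd diff shows "+}" with no corresponding removed "}"; they are illustrative, so either correct the counts or present them as plain config excerpts rather than patches.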