Diffstat (limited to 'content')
| -rw-r--r-- | content/posts/letsencrypt-on-openbsd.org | 71 | 
1 files changed, 37 insertions, 34 deletions
| diff --git a/content/posts/letsencrypt-on-openbsd.org b/content/posts/letsencrypt-on-openbsd.org index e63f80d..30aeb94 100644 --- a/content/posts/letsencrypt-on-openbsd.org +++ b/content/posts/letsencrypt-on-openbsd.org @@ -7,18 +7,19 @@  #+SLUG:  #+SUMMARY: -   So I have an OpenBSD server serving a static website using -   =httpd=. I've been thinking for a while I should add an SSL -   certificate, but never got around to it because it was just a small -   hobby website and it didn't require any real attention. +So I have an OpenBSD server serving a static website using +=httpd=. I've been thinking for a while I should add an SSL +certificate, but never got around to it because it was just a small +hobby website and it didn't require any real attention. -   Today while watching one of the OpenBSD tutorials at BSDCan, I -   thought it was finally time. Since configuring everything else in -   OpenBSD is so easy, this must be easy too, right? +Today while watching one of the OpenBSD tutorials at BSDCan, I thought +it was finally time. Since configuring everything else in OpenBSD is +so easy, this must be easy too, right? -   These were the only changes I had to make to my =httpd.conf= to get -   =acme-client= to work. This is described in the =acme-client= man page. -   #+BEGIN_SRC diff +These were the only changes I had to make to my =httpd.conf= to get +=acme-client= to work. This is described in the =acme-client= man +page. +#+BEGIN_SRC diff  --- httpd.conf  +++ httpd.conf.new  @@ -1,4 +1,19 @@ 
@@ -30,14 +31,15 @@  +    request strip 2  +  }  +} -   #+END_SRC +#+END_SRC -   After that, I reloaded =httpd= with ~rcctl reload httpd~ +After that, I reloaded =httpd= with ~rcctl reload httpd~ -   I then copies the example config from -   =/etc/examples/acme-client.conf= to =/etc/acme-client=. This is -   what the modifications to the example I made look like. -   #+BEGIN_SRC diff +I then copies the example config from =/etc/examples/acme-client.conf= +to =/etc/acme-client=. This is what the modifications to the example I +made look like. + +#+BEGIN_SRC diff  --- acme-client.conf  +++ acme-client.conf.new  @@ -1,19 +1,19 @@ 
@@ -64,27 +66,28 @@  +	domain full chain certificate "/etc/ssl/lambda.cx.fullchain.pem"   	sign with letsencrypt   } -   #+END_SRC +#+END_SRC + +It's a pretty small change. I have the alternative name line commented +out because I only have =lambda.cx= pointing at my server and not +=www.lambda.cx=. Although if I did I would un-comment it. I could also +add sub-domains like =sub.lambda.cx= in that area separated by a +space. -   It's a pretty small change. I have the alternative name line -   commented out because I only have =lambda.cx= pointing at my server -   and not =www.lambda.cx=. Although if I did I would un-comment it. I -   could also add sub-domains like =sub.lambda.cx= in that area -   separated by a space. +After that I just had to run ~acme-client -v lambda.cx~ (-v for +verbosity) and it generated the certificates. -   After that I just had to run ~acme-client -v lambda.cx~ (-v for -   verbosity) and it generated the certificates. +Then I added a =crontab= entry (using =crontab -e=) to run once a day +at a random time and reload =httpd=. -   Then I added a =crontab= entry (using =crontab -e=) to run once a -   day at a random time and reload =httpd=. -   #+BEGIN_SRC +#+BEGIN_SRC  ~	~	*	*	*	acme-client lambda.cx && rcctl reload httpd -   #+END_SRC +#+END_SRC -   Finally to use the new certificates I added the following lines to my -   =httpd.conf=. +Finally to use the new certificates I added the following lines to my +=httpd.conf=. -   #+BEGIN_SRC diff +#+BEGIN_SRC diff  --- httpd.conf  +++ httpd.conf.new  @@ -1,8 +1,21 @@ @@ -109,7 +112,7 @@  +    request strip 2  +  }  +} -  #+END_SRC +#+END_SRC -  I reloaded httpd with ~rcctl reload httpd~ and that was it, working -  certificate! +I reloaded httpd with ~rcctl reload httpd~ and that was it, working +certificate! | 
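Review bot: In the first hunk (@@ -7,18 +7,19 @@) the re-wrapped paragraph ends with "page." and "#+BEGIN_SRC diff" follows on the very next line, while the second hunk inserts an empty line between "made look like." and its "#+BEGIN_SRC diff". Use one convention throughout; adding the empty line here as well keeps the source blocks consistent across the post.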
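Review bot: The re-wrapped sentence in the second hunk (@@ -30,14 +31,15 @@) still reads "I then copies the example config" and names the destination as =/etc/acme-client=, without the .conf suffix that the source path =/etc/examples/acme-client.conf= has. Since these lines are being rewritten anyway, change "copies" to "copied" and confirm the destination path; acme-client reads /etc/acme-client.conf by default, so that is probably what was meant.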
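Review bot: The crontab paragraph in the third hunk (@@ -64,27 +66,28 @@) says only "using =crontab -e=" and does not say whose crontab the entry belongs in, even though the job writes under /etc/ssl and runs "rcctl reload httpd". Consider stating that it goes in root's crontab. The block holding the entry is also opened with a bare "#+BEGIN_SRC", while every other block in the post is tagged "diff"; give it a language or switch it to an example block so the export handles it the same way.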
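Review bot: In the last hunk (@@ -109,7 +112,7 @@) the closing sentence "I reloaded httpd with ~rcctl reload httpd~" leaves the first "httpd" unmarked, while the earlier "I reloaded =httpd= with ~rcctl reload httpd~" and the rest of the post use =httpd=. Since the line is touched here for indentation, mark it up the same way.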
