From b800e01a8b20e87fecb93ac5e0aedee01c178352 Mon Sep 17 00:00:00 2001 From: Dante Catalfamo Date: Tue, 16 Jun 2020 23:16:21 -0400 Subject: Remove whitespace from beginning of post --- content/posts/letsencrypt-on-openbsd.org | 71 +++++++++++++++++--------------- 1 file changed, 37 insertions(+), 34 deletions(-) diff --git a/content/posts/letsencrypt-on-openbsd.org b/content/posts/letsencrypt-on-openbsd.org index e63f80d..30aeb94 100644 --- a/content/posts/letsencrypt-on-openbsd.org +++ b/content/posts/letsencrypt-on-openbsd.org @@ -7,18 +7,19 @@ #+SLUG: #+SUMMARY: - So I have an OpenBSD server serving a static website using - =httpd=. I've been thinking for a while I should add an SSL - certificate, but never got around to it because it was just a small - hobby website and it didn't require any real attention. +So I have an OpenBSD server serving a static website using +=httpd=. I've been thinking for a while I should add an SSL +certificate, but never got around to it because it was just a small +hobby website and it didn't require any real attention. - Today while watching one of the OpenBSD tutorials at BSDCan, I - thought it was finally time. Since configuring everything else in - OpenBSD is so easy, this must be easy too, right? +Today while watching one of the OpenBSD tutorials at BSDCan, I thought +it was finally time. Since configuring everything else in OpenBSD is +so easy, this must be easy too, right? - These were the only changes I had to make to my =httpd.conf= to get - =acme-client= to work. This is described in the =acme-client= man page. - #+BEGIN_SRC diff +These were the only changes I had to make to my =httpd.conf= to get +=acme-client= to work. This is described in the =acme-client= man +page. +#+BEGIN_SRC diff --- httpd.conf +++ httpd.conf.new @@ -1,4 +1,19 @@ 
@@ -30,14 +31,15 @@ + request strip 2 + } +} - #+END_SRC +#+END_SRC - After that, I reloaded =httpd= with ~rcctl reload httpd~ +After that, I reloaded =httpd= with ~rcctl reload httpd~ - I then copies the example config from - =/etc/examples/acme-client.conf= to =/etc/acme-client=. This is - what the modifications to the example I made look like. - #+BEGIN_SRC diff +I then copies the example config from =/etc/examples/acme-client.conf= +to =/etc/acme-client=. This is what the modifications to the example I +made look like. + +#+BEGIN_SRC diff --- acme-client.conf +++ acme-client.conf.new @@ -1,19 +1,19 @@ 
@@ -64,27 +66,28 @@ + domain full chain certificate "/etc/ssl/lambda.cx.fullchain.pem" sign with letsencrypt } - #+END_SRC +#+END_SRC + +It's a pretty small change. I have the alternative name line commented +out because I only have =lambda.cx= pointing at my server and not +=www.lambda.cx=. Although if I did I would un-comment it. I could also +add sub-domains like =sub.lambda.cx= in that area separated by a +space. - It's a pretty small change. I have the alternative name line - commented out because I only have =lambda.cx= pointing at my server - and not =www.lambda.cx=. Although if I did I would un-comment it. I - could also add sub-domains like =sub.lambda.cx= in that area - separated by a space. +After that I just had to run ~acme-client -v lambda.cx~ (-v for +verbosity) and it generated the certificates. - After that I just had to run ~acme-client -v lambda.cx~ (-v for - verbosity) and it generated the certificates. +Then I added a =crontab= entry (using =crontab -e=) to run once a day +at a random time and reload =httpd=. - Then I added a =crontab= entry (using =crontab -e=) to run once a - day at a random time and reload =httpd=. - #+BEGIN_SRC +#+BEGIN_SRC ~ ~ * * * acme-client lambda.cx && rcctl reload httpd - #+END_SRC +#+END_SRC - Finally to use the new certificates I added the following lines to my - =httpd.conf=. +Finally to use the new certificates I added the following lines to my +=httpd.conf=. - #+BEGIN_SRC diff +#+BEGIN_SRC diff --- httpd.conf +++ httpd.conf.new @@ -1,8 +1,21 @@ @@ -109,7 +112,7 @@ + request strip 2 + } +} - #+END_SRC +#+END_SRC - I reloaded httpd with ~rcctl reload httpd~ and that was it, working - certificate! +I reloaded httpd with ~rcctl reload httpd~ and that was it, working +certificate! -- cgit v1.2.3
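Review bot: in the hunk at @@ -7,18 +7,19 @@ the paragraphs are re-wrapped as well as de-indented (the "Today while watching ..." paragraph now breaks after "I thought"), so the change is wider than the subject says and the 37 insertions against 34 deletions cannot be confirmed as whitespace-only by reading the diff. Either keep the original line breaks and strip only the leading spaces, or state in the commit message that the text was refilled. The same hunk leaves "#+BEGIN_SRC diff" directly under "page." with no blank line, while the @@ -30,14 +31,15 @@ hunk adds a blank line before its "#+BEGIN_SRC diff"; pick one convention for all blocks.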
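Review bot: the re-wrapped sentence in the @@ -30,14 +31,15 @@ hunk carries over "I then copies" and gives the copy destination as =/etc/acme-client=, although the source is =/etc/examples/acme-client.conf= and the diff shown right after it is against acme-client.conf. Since these lines are being rewritten anyway, change the verb to "copied" and spell out the destination file name, so a reader following the post does not end up with a config file under a name the rest of the post does not use.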
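Review bot: the crontab block in the @@ -64,27 +66,28 @@ hunk is the only "#+BEGIN_SRC" left without a language, and the sentence above it says only =crontab -e= without saying whose crontab is edited. Both acme-client and "rcctl reload httpd" need root, so the text should say the entry goes in root's crontab. A short sentence on why the reload is chained with "&&" would also help readers who adapt the line for another domain.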