2098358032:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/usr/src/lib/libcrypto/pem/pem_lib.c:690:Expecting: ANY PRIVATE KEY

[user10012]

acme-client -vv mydomain.com acme-client: /etc/acme/letsencrypt-privkey.pem: PEM_read_PrivateKeyacme-client: /etc/ssl/private/mydomain.key: loaded RSA domain key 2098358032:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/usr/src/lib/libcrypto/pem/pem_lib.c:690:Expecting: ANY PRIVATE KEY acme-client: /etc/ssl/mydomain.crt: certificate valid: 37 days left acme-client: bad exit: acctproc(63594): 1

This is a machine running obsd 6.1. I have another machine with 6.1 on which I generated the key/crt. I then copied them over to this machine (port 80 is blocked; it only runs https), upgraded it from 6.0 to 6.1 and tried to run acme-client.

1. Can acme-client renew certs if via my server running only on https?
2. Will this error prevent its renewal?
3. How can I eliminate this error?

[user10012]

SOLVED (at least functionally) I think I found (part of) the problem: my account key is empty. But acme-client -vvA mydomain did not produce an account key.

I copied over the account key from my other machine and now acme-client works.

Why was I not able to create an account key? Is the reason due to my having made the private key on another machine?

[user10012]

and can acme-client update if the web server is only running https? I am using apache, and the relevant part of my configuration file reads, <Directory /var/www/htdocs/.well-known/acme-challenge> Options None AllowOverride None Require all granted Header add Content-Type text/plain </Directory> Is this correct?