caesonia
Arcane process of obtaining cert from acme-client
After hours of wrangling around this error:
acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized", "detail": "No registration exists matching provided key", "status": 403 }] (120 bytes)
I have found https://www.mail-archive.com/[email protected]/msg158174.html, which provided a sequence of actions that allowed me to obtain the cert. Not sure why requested-delete-request again was necessary, but it worked.
On a side note, the first two snippets of code provided in the Install :: Let's encrypt section don't quite work:
sed -i -e "s|^$(echo -e "\t")tls|$(echo -e "\t")#tls|" \
-e "/# (!) TLS/ s|listen on \$IP tls port https|listen on ::1 port http|" \
/etc/httpd.conf
returns bash: !: event not found. Not a regexp guru, but it seems like ! should be escaped.
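The "event not found" message above is bash history expansion, which in an interactive bash session still acts on "!" inside double quotes. The following is an added example, not code from the project's documentation: it applies the same two substitutions with single-quoted sed expressions and avoids sed -i. The function name disable_tls and the sample httpd.conf lines it is tested against are assumptions made for illustration.

```shell
# Added example (not the project's own code).
# disable_tls FILE: comment out tab-indented "tls" lines and switch the
# listener tagged "# (!) TLS" to plain http on ::1, as the original
# sed one-liner intends. The name disable_tls is hypothetical.
disable_tls() {
    conf=$1
    tab=$(printf '\t')          # portable literal tab, no "echo -e"
    tmp=$(mktemp) || return 1

    # Single quotes keep "!" away from bash history expansion and "$IP"
    # away from parameter expansion. Only the tab is spliced in from a
    # variable, inside short double-quoted segments that contain no "!".
    sed -e 's|^'"$tab"'tls|'"$tab"'#tls|' \
        -e '/# (!) TLS/ s|listen on $IP tls port https|listen on ::1 port http|' \
        "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?

    rm -f "$tmp"
    return $rc
}
```

Writing through a temporary file and copying the result back with cat keeps the original file's owner and mode, which replacing the file would not.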
The acme-client error, in the mailing list message, was related to "agreement url". Perhaps the key format also changed at that time, I don't recall.
Remove deprecated agreement url. http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/acme-client.conf.diff?r1=1.5&r2=1.6&f=h
rm old keys (from <=6.2 era) before running the client - remove file /etc/acme/letsencrypt-privkey.pem