Let's Encrypt

Setup on OpenBSD

domain {
    alternative names { }
    domain key "/etc/ssl/private/"
    domain certificate "/etc/ssl/"
    domain full chain certificate "/etc/ssl/"
    sign with letsencrypt
}

Next, create a minimal httpd configuration for the challenge. This is a bootstrap stage and will be replaced by a more complete configuration after we have the keys for TLS.

server "default" {
    listen on egress port 80

    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
}

types {
    include "/usr/share/misc/mime.types"
}
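
The following is an added example, not part of the original page: a preflight check that models how the location block above maps a challenge request to a file, and confirms a token written to the challenge directory is found at that path. It assumes httpd's default chroot of /var/www and acme-client's default challenge directory /var/www/acme; the function names and the probe token are hypothetical.

```sh
#!/bin/sh
# Models: location "/.well-known/acme-challenge/*" { root "/acme"; root strip 2 }
# Assumption: httpd runs in its default chroot, passed in as BASE (/var/www).

# strip_components N PATH: drop the first N path components, as "strip N" does.
strip_components() {
    n=$1
    p=${2#/}
    while [ "$n" -gt 0 ]; do
        case $p in
            */*) p=${p#*/} ;;
            *)   p= ;;
        esac
        n=$((n - 1))
    done
    printf '/%s\n' "$p"
}

# challenge_file BASE REQUEST_PATH: print the on-disk file httpd would serve.
# Returns 1 if the request is outside the challenge location or contains "..".
challenge_file() {
    base=$1
    req=$2
    case $req in
        *..*) return 1 ;;
        /.well-known/acme-challenge/?*) ;;
        *) return 1 ;;
    esac
    printf '%s/acme%s\n' "$base" "$(strip_components 2 "$req")"
}

# preflight BASE: drop a probe token where acme-client would write one, then
# check that the path computed for the matching request is that same file.
preflight() {
    base=$1
    token="probe-$$"                       # constructed token name
    [ -d "$base/acme" ] || return 1
    printf 'ok\n' > "$base/acme/$token" || return 1
    f=$(challenge_file "$base" "/.well-known/acme-challenge/$token") || return 1
    rc=0
    [ -f "$f" ] || rc=1
    rm -f "$base/acme/$token"
    return $rc
}
```

Running `preflight /var/www` before `acme-client` catches a missing challenge directory or a mismatched `root`/`strip` pair before the CA attempts validation.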

Finally the ''rset'' script


    [ -f "/etc/ssl/acme/private/privkey.pem" ] && exit
    ./rinstall wiki/acme-httpd.conf /etc/httpd.conf
    rcctl restart -f httpd
    ./rinstall wiki/acme-client.conf /etc/acme-client.conf
    acme-client -vAD

Once the cert is generated, a subsequent rule can go ahead and replace /etc/httpd.conf with a config that includes the TLS keys:

   # httpd.conf
   listen on * tls port 443

   tls {
       key "/etc/ssl/private/"
       certificate "/etc/ssl/"
   }

Last updated on September 24, 2018