Letsencrypt certificates

To: netbsd-users%netbsd.org@localhost
Subject: Letsencrypt certificates
From: steve%prd.co.uk@localhost (Steve Blinkhorn)
Date: Tue, 22 Oct 2019 14:52:43 +0000 (UTC)

I run multiple web servers on several distinct machines in each of four
different domains, which makes the Letsencrypt proposition very
attractive.  After trying Certbot without much success, I lit upon
acme.sh, which offers the possiblity of authentication using
nsupdate(1).  However the process fails, and the relevant error
messages says:

Error add txt for domain:_acme-challenge.prd.co.uk

I note that the man page for nsupdate(1) says:

To use a SIG(0) key, the public key must be stored in a KEY record in a zone
served by the name server.  nsupdate does not read /etc/named.conf.

I am trying to work out whether that means that the keyfile
contents must be manually added to the zone file, because in
named.conf I have an include line for update.key which contains the
path to that key, so it should be there already.

I note that on the acme.sh site there is a long list of *nix-style OSs
on which success has been reported, but not NetBSD.

-- 
Steve Blinkhorn <steve%prd.co.uk@localhost>

Follow-Ups:
- Re: Letsencrypt certificates
  - From: Dima Veselov
- Re: Letsencrypt certificates
  - From: Andreas Gustafsson
- Re: Letsencrypt certificates
  - From: reed

Prev by Date: Re: upgrade in-place process?
Next by Date: Re: Letsencrypt certificates
Previous by Thread: upgrade in-place process?
Next by Thread: Re: Letsencrypt certificates
Indexes:

Home | Main Index | Thread Index | Old Index