
From: Lucas de Sena <lucas@seninha.org>
Subject: /etc/examples/httpd.conf: remove acme-challenge location from tls block
To: tech@openbsd.org
Date: Mon, 13 Jan 2025 19:53:01 -0300

This patch removes the acme-challenge location from the TLS block in
the httpd.conf(5) example for port 443 (HTTPS).  Per RFC 8555, section 8.3
(https://www.rfc-editor.org/rfc/rfc8555#section-8.3):

> the challenge must be completed over HTTP, not HTTPS

There is no point in providing that location on HTTPS too.

diff /usr/src
path + /usr/src
commit - 7b08975fc0d222558ca53c00d21416b54423d3bb
blob - 3083d9703824057bf4645397afdcb308298aeb14
file + etc/examples/httpd.conf
--- etc/examples/httpd.conf
+++ etc/examples/httpd.conf
@@ -20,8 +20,4 @@ server "example.com" {
 	location "/pub/*" {
 		directory auto index
 	}
-	location "/.well-known/acme-challenge/*" {
-		root "/acme"
-		request strip 2
-	}
 }
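
Review bot: nothing in this hunk shows that the challenge path is still served elsewhere, so before the `location "/.well-known/acme-challenge/*"` block is dropped from `server "example.com"`, please confirm that the plain-HTTP server block in the same file keeps an equivalent location (`root "/acme"`, `request strip 2`). The hunk header only names `server "example.com"`, so a reader of the diff cannot tell which listener is being edited; naming the port 443 block explicitly in the commit message would help. Also consider a one-line comment in the example stating that the challenge directory is served over HTTP only, so that people copying the file do not re-add the location to the TLS block.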