From: Lucas de Sena Subject: /etc/examples/httpd.conf: remove acme-challenge location from tls block To: tech@openbsd.org Date: Mon, 13 Jan 2025 19:53:01 -0300 This patch removes the acme-challenge location from the TLS block in httpd.conf(5) example for port 443 (HTTPS). Per RFC 8555, section 8.3 (https://www.rfc-editor.org/rfc/rfc8555#section-8.3): > the challenge must be completed over HTTP, not HTTPS There is no point in providing that location on HTTPS too. diff /usr/src path + /usr/src commit - 7b08975fc0d222558ca53c00d21416b54423d3bb blob - 3083d9703824057bf4645397afdcb308298aeb14 file + etc/examples/httpd.conf --- etc/examples/httpd.conf +++ etc/examples/httpd.conf @@ -20,8 +20,4 @@ server "example.com" { location "/pub/*" { directory auto index } - location "/.well-known/acme-challenge/*" { - root "/acme" - request strip 2 - } }
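Review bot: the removed `location "/.well-known/acme-challenge/*"` block in the TLS server is only safe to drop if the port 80 server in the same example answers that path itself, and this hunk does not show that part of the file. RFC 8555 section 8.3 requires the initial validation request to go over HTTP, but it also says the validating server should follow redirects, so a configuration that redirects the challenge path from HTTP to HTTPS would still reach this location and would break once it is gone. Please confirm in the commit message that the port 80 block serves `/acme` directly with `request strip 2`, and consider a short comment in the example saying the challenge location belongs only in the plain-HTTP server, so readers copying the file do not add it back to the TLS block.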