From: Lucas de Sena Subject: Re: /etc/examples/httpd.conf: remove acme-challenge location from tls block To: tech@openbsd.org Date: Sat, 1 Feb 2025 10:16:52 -0300 On 2025-01-13, Lucas de Sena wrote: > This patch removes the acme-challenge location from the TLS block in > httpd.conf(5) example for port 443 (HTTPS). Per RFC 8555, section 8.3 > (https://www.rfc-editor.org/rfc/rfc8555#section-8.3): > > > the challenge must be completed over HTTP, not HTTPS > > There is no point in providing that location on HTTPS too. > > diff /usr/src > path + /usr/src > commit - 7b08975fc0d222558ca53c00d21416b54423d3bb > blob - 3083d9703824057bf4645397afdcb308298aeb14 > file + etc/examples/httpd.conf > --- etc/examples/httpd.conf > +++ etc/examples/httpd.conf > @@ -20,8 +20,4 @@ server "example.com" { > location "/pub/*" { > directory auto index > } > - location "/.well-known/acme-challenge/*" { > - root "/acme" > - request strip 2 > - } > } > Ping.
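Review bot: Dropping the location "/.well-known/acme-challenge/*" block from the TLS server "example.com" section is only safe if the plain-HTTP server in the same file answers that path itself rather than redirecting it to HTTPS, and neither the hunk nor the message shows that. RFC 8555 section 8.3 also says the validating server SHOULD follow redirects, so a port 80 block that redirects everything would send the challenge request to port 443, where after this change no location serves it from "/acme". Suggest stating in the commit message that the port 80 example keeps its own acme-challenge location ahead of any redirect, so that readers who copy only part of the example do not break certificate renewal.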