From: Moritz Buhl <mbuhl@openbsd.org>
Subject: Re: /etc/examples/httpd.conf: remove acme-challenge location from tls block
To: tech@openbsd.org
Cc: lucas@seninha.org
Date: Fri, 21 Feb 2025 11:22:30 +0100

On Sat, Feb 01, 2025 at 10:16:52AM -0300, Lucas de Sena wrote:
> On 2025-01-13, Lucas de Sena wrote:
> > This patch removes the acme-challenge location from the TLS block in
> > httpd.conf(5) example for port 443 (HTTPS).  Per RFC 8555, section 8.3
> > (https://www.rfc-editor.org/rfc/rfc8555#section-8.3):
> > 
> > > the challenge must be completed over HTTP, not HTTPS
> > 
> > There is no point in providing that location on HTTPS too.
> > 
> > diff /usr/src
> > path + /usr/src
> > commit - 7b08975fc0d222558ca53c00d21416b54423d3bb
> > blob - 3083d9703824057bf4645397afdcb308298aeb14
> > file + etc/examples/httpd.conf
> > --- etc/examples/httpd.conf
> > +++ etc/examples/httpd.conf
> > @@ -20,8 +20,4 @@ server "example.com" {
> >  	location "/pub/*" {
> >  		directory auto index
> >  	}
> > -	location "/.well-known/acme-challenge/*" {
> > -		root "/acme"
> > -		request strip 2
> > -	}
> >  }
> > 
> 
> Ping.
> 

I committed your diff. Thanks!

mbuhl