From: "Marc.J" <openbsd@cypher-fox.com>
Subject: add .crt to acme-client.conf example
To: tech@openbsd.org
Date: Mon, 19 May 2025 12:10:00 +0200
Reply-To: openbsd@cypher-fox.com

Hi,

The existing acme-client.conf example referenced a .pem full chain 
certificate, which could be confusing since daemons like relayd and 
httpd expect .crt certificates in /etc/ssl.

This patch adds an explicit .crt certificate line to the example to 
align with those daemons' expectations. The .pem line is retained to 
demonstrate that other extensions can also be used, providing 
flexibility for users.


Index: etc/examples/acme-client.conf
===================================================================
RCS file: /cvs/src/etc/examples/acme-client.conf,v
diff -u -p -u -r1.5 acme-client.conf
--- etc/examples/acme-client.conf	10 May 2023 07:34:57 -0000	1.5
+++ etc/examples/acme-client.conf	19 May 2025 10:04:32 -0000
@@ -26,6 +26,8 @@ authority buypass-test {
  domain example.com {
  	alternative names { secure.example.com }
  	domain key "/etc/ssl/private/example.com.key"
+	# Daemons like relayd/httpd expect .crt certs
+	domain certificate "/etc/ssl/example.com.crt"
  	domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
  	# Test with the staging server to avoid aggressive rate-limiting.
  	#sign with letsencrypt-staging