From: "Marc.J" <openbsd@cypher-fox.com>
Subject: Re: add .crt to acme-client.conf example
To: tech@openbsd.org
Date: Mon, 19 May 2025 12:51:35 +0200
Reply-To: openbsd@cypher-fox.com

> 
> httpd doesn't. relayd is just weird anyway.
> 

You're absolutely right, httpd doesn't require .crt, and relayd is a bit 
peculiar

But since relayd will try to load a .crt, and httpd references .crt as 
default in both its man page and source code, it's reasonable to have 
that reflected in the example configuration for clarity and consistency.



Index: etc/examples/acme-client.conf
===================================================================
RCS file: /cvs/src/etc/examples/acme-client.conf,v
diff -u -p -u -r1.5 acme-client.conf
--- etc/examples/acme-client.conf	10 May 2023 07:34:57 -0000	1.5
+++ etc/examples/acme-client.conf	19 May 2025 10:38:17 -0000
@@ -26,7 +26,8 @@ authority buypass-test {
  domain example.com {
  	alternative names { secure.example.com }
  	domain key "/etc/ssl/private/example.com.key"
-	domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
+	domain certificate "/etc/ssl/example.com.crt"
+	domain full chain certificate "/etc/ssl/example.com.fullchain.crt"
  	# Test with the staging server to avoid aggressive rate-limiting.
  	#sign with letsencrypt-staging
  	sign with letsencrypt