From: Adriano Barbosa <barbosa.aob@gmail.com>
Subject: Re: acme-client.conf(5): make example relayd(8)-friendly
To: Lloyd <ng2d68@proton.me>
Cc: "tech@openbsd.org" <tech@openbsd.org>
Date: Mon, 28 Jul 2025 07:58:20 -0400

On Sun, Jul 27, 2025 at 09:27:58PM +0000, Lloyd wrote:
> Change default filename to match relayd(8) 'keypair' expectation (.crt):
> 
> Index: acme-client.conf
> ===================================================================
> RCS file: /cvs/src/etc/examples/acme-client.conf,v
> retrieving revision 1.5
> diff -u -p -u -p -r1.5 acme-client.conf
> --- acme-client.conf	10 May 2023 07:34:57 -0000	1.5
> +++ acme-client.conf	27 Jul 2025 20:51:29 -0000
> @@ -26,7 +26,7 @@ authority buypass-test {
>  domain example.com {
>  	alternative names { secure.example.com }
>  	domain key "/etc/ssl/private/example.com.key"
> -	domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
> +	domain full chain certificate "/etc/ssl/example.com.crt"
>  	# Test with the staging server to avoid aggressive rate-limiting.
>  	#sign with letsencrypt-staging
>  	sign with letsencrypt
> 

Or just add the desired certificate:


--- acme-client.conf.orig	Mon Jul 28 07:51:23 2025
+++ acme-client.conf	Mon Jul 28 07:52:01 2025
@@ -27,6 +27,7 @@
 	alternative names { secure.example.com }
 	domain key "/etc/ssl/private/example.com.key"
 	domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
+	domain certificate "/etc/ssl/example.com.crt"
 	# Test with the staging server to avoid aggressive rate-limiting.
 	#sign with letsencrypt-staging
 	sign with letsencrypt