vedetta-com / caesonia

OpenBSD Email Service
ISC License
781 stars 41 forks

Arcane process of obtaining cert from acme-client #152

Open savchenko opened 6 years ago

savchenko commented 6 years ago

After hours of wrangling with this error:

acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized", "detail": "No registration exists matching provided key", "status": 403 }] (120 bytes)

I found https://www.mail-archive.com/misc@openbsd.org/msg158174.html, which provided a sequence of actions that allowed me to obtain the cert. Not sure why the requested-delete-request again was necessary, but it worked.

On a side note, the first two code snippets provided in the Install :: Let's encrypt section don't quite work:

sed -i -e "s|^$(echo -e "\t")tls|$(echo -e "\t")#tls|" \
    -e "/# (!) TLS/ s|listen on \$IP tls port https|listen on ::1 port http|" \
    /etc/httpd.conf

returns bash: !: event not found. I'm not a regexp guru, but it seems like the ! should be escaped.

horia commented 6 years ago

The acme-client error, in the mailing list message, was related to "agreement url". Perhaps the key format also changed at that time, I don't recall.

Remove deprecated agreement url. http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/acme-client.conf.diff?r1=1.5&r2=1.6&f=h

cypa commented 6 years ago

rm old keys (from the <=6.2 era) before running the client: remove the file /etc/acme/letsencrypt-privkey.pem