From: Peter Boosten
To: David Mehler
Cc: freebsd-questions
Subject: Re: acme-client and multiple domains periodic renewal
Date: Thu, 18 Jan 2018 23:52:42 +0100

Hi David,

I’ve defined the acme alias for every virtual host:

Alias /.well-known/acme-challenge "/usr/local/www/acme/"
SSLCertificateFile …
SSLEngine on
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{HTTP_HOST}/%{REQUEST_URI} [R=301,L,QSA]

Options None
AllowOverride None
ForceType text/plain
Require all granted

The main difference between your and my configuration is the Alias. It took me a while to get this right.

/usr/local/etc/acme/acme-client.sh holds this:

BASEDIR="/usr/local/etc/acme"
SSLDIR="/usr/local/etc/ssl/acme"
DOMAINSFILE="${BASEDIR}/domains.txt"
CHALLENGEDIR="/usr/local/www/acme"

and domains.txt:

domain.one www.domain.one sub.domain.one sub2.domain.one

I did some troubleshooting by running the acme-client (in /usr/local/bin) manually (don’t forget the -s, or else you will be blocked for some time).

Peter
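Added example, not part of Peter's message and not the port's own script: a dry-run sketch in POSIX sh of how each domains.txt line maps to one acme-client call, with -s (staging) switched on while troubleshooting. It only prints the commands. The per-domain key and certificate paths, the function names and the name check are assumptions; the directories and the -s flag are the ones given in the message.

```shell
#!/bin/sh
# Paths taken from the message above.
SSLDIR="/usr/local/etc/ssl/acme"
CHALLENGEDIR="/usr/local/www/acme"
ACME="/usr/local/bin/acme-client"

# valid_name NAME: accept only hostname characters, so a domains.txt entry
# can never be read as an option (leading "-") or carry shell metacharacters.
valid_name() {
    case "$1" in
        ""|-*|.*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# plan_line STAGING DOMAIN [ALTNAME...]: print the acme-client command for one
# domains.txt line. STAGING=1 adds -s so test runs use the staging server.
plan_line() {
    staging="$1"; shift
    [ $# -ge 1 ] || return 1
    for name in "$@"; do
        valid_name "$name" || { echo "rejected name: $name" >&2; return 1; }
    done
    primary="$1"
    flags="-v"
    [ "$staging" = 1 ] && flags="-s $flags"
    # Assumed layout: one key and one certificate directory per primary domain.
    echo "$ACME $flags -C $CHALLENGEDIR -k $SSLDIR/private/$primary.pem -c $SSLDIR/$primary $*"
}

# plan_file STAGING FILE: one command per non-empty line of FILE.
plan_file() {
    rc=0
    while read -r line; do
        case "$line" in "") continue ;; esac
        set -f   # no globbing while the line is split into words
        plan_line "$1" $line || rc=1
        set +f
    done < "$2"
    return $rc
}

# Constructed sample: the domains.txt line from the message, planned for staging.
plan_line 1 domain.one www.domain.one sub.domain.one sub2.domain.one
```

Running the printed command by hand with -s in place exercises the Alias and challenge directory without touching the production rate limits; drop the flag (STAGING=0) once the challenge files are being served correctly.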