I am having an odd issue where it seems acme-client is failing to run correctly due to /etc/ssl/cert.pem missing:
# acme-client -vNn foo.bar.com
acme-client: /usr/local/etc/acme/privkey.pem: account key exists (not creating)
acme-client: /usr/local/etc/ssl/acme/private/privkey.pem: domain key exists (not creating)
acme-client: /etc/ssl/cert.pem: No such file or directory
acme-client: bad exit: netproc(2515): 1
I've followed the man page pretty closely, and I have installed LibreSSL on this system as well. I've not been able to find any reference to having to create a cert.pem file before running acme-client. Hopefully this is pebkac, but if not I'd like to help debug/test.
OS Rel Info:
$ uname -ar
FreeBSD webster 11.0-RELEASE-p2 FreeBSD 11.0-RELEASE-p2 #0: Mon Oct 24 06:55:27 UTC 2016 firstname.lastname@example.org:/usr/obj/usr/src/sys/GENERIC amd64
$ pkg info acme-client
Name : acme-client
Version : 0.1.15
pkg query '%Ok=%Ov' ca_root_nss
(In reply to Melvyn Sopacua from comment #1)
Ah - that was the hint I needed. After installing the ca_root_nss package the acme-client binary seems to be working as expected.
Would it be advisable to add a dependency for ca_root_nss to acme-client, or perhaps add a message after installation that you'll need to have valid certs on your system?
A commit references this bug:
Date: Sun Mar 26 10:47:45 UTC 2017
New revision: 436954
security/acme-client: Add run-time dep on ca_root_nss
- acme-client fails at runtime if CA roots not installed
Reported by: email@example.com