| 12 Jan 2026 |
hexa | * we only fail if above valid min days | 02:05:24 |
hexa | we run renew always, but only fail if below validMinDays | 02:06:02 |
hexa | if is_expiration_skippable out/full.pem; then
  echo 1>&2 "nixos-acme: Ignoring failed renewal because expiration isn't within the coming ${toString data.validMinDays} days"
else
  # High number to avoid Systemd reserved codes.
  exit 11
fi
| 02:06:31 |
hexa | that's this logic | 02:06:33 |
hexa | * if ! lego ${renewOpts} --days ${toString data.validMinDays}; then
  if is_expiration_skippable out/full.pem; then
    echo 1>&2 "nixos-acme: Ignoring failed renewal because expiration isn't within the coming ${toString data.validMinDays} days"
  else
    # High number to avoid Systemd reserved codes.
    exit 11
  fi
fi
| 02:06:46 |
Tom | ah, okay | 02:07:36 |
hexa | Tom: feel free to test https://github.com/NixOS/nixpkgs/pull/479212 | 02:12:04 |
Sandro 🐧 | Since I don't want to renew all acme certs for all nixos users again, I leave that to someone experienced | 15:53:31 |
hexa | [image: image.png] | 19:21:06 |
hexa | 🤔 | 19:21:10 |
hexa | well, we use the email as kind of an account name | 19:26:23 |
hexa | tough | 19:26:27 |
hexa | I suppose these are created by lego | 19:28:44 |
hexa | so the question would be how it names them with no email given | 19:28:53 |
hexa |
I decorrelated the email (used by the LE account) and the user ID (used to create files and directories).
| 19:40:47 |
hexa | https://github.com/go-acme/lego/pull/2736 | 19:40:50 |
hexa |
const userIDPlaceholder = "noemail@example.com"
| 19:41:10 |
Sandro 🐧 | looks kind of hacky | 20:44:38 |
m1cr0man | Hey... organising a wedding, and was out of country over Christmas. Will try and find time tomorrow evening to review + possibly contribute to some of the acme things. I am still reading all the emails, and it's painful not to have time to respond | 22:33:08 |
| 22 Jan 2026 |
| jappie joined the room. | 20:46:15 |
| trix joined the room. | 21:01:59 |
Tom | trix: btw. i would expect you to also run into the problem that is hopefully solved by https://github.com/NixOS/nixpkgs/pull/479212 At least i did when testing with ip certificates. I got it working but had to trick a bit | 21:06:40 |
Tom | * trix: btw. i would expect you to also run into the problem that is hopefully solved by https://github.com/NixOS/nixpkgs/pull/479212 At least i did when testing with ip certificates. I got it working without that PR but had to trick a bit | 21:07:04 |
trix | uh, I was able to get it working | 21:14:10 |
trix | https://paste.debian.net/hidden/c29df77c | 21:14:11 |
trix | key thing is profile = 'shortlived' and --disable-cn as an extra LEGO flag | 21:14:34 |
trix | fyi i'm mostly trying this out because i'm too lazy to setup a domain on this temporary box, so this is just to test things out | 21:26:06 |
| Nico joined the room. | 23:04:16 |
| 23 Jan 2026 |
| Albert Larsan joined the room. | 06:29:51 |