| 1 Nov 2022 |
 Arian | so we can remove it form the allow list. | 11:58:19 |
| Arian | FYI | 11:58:21 |
 hexa | feel free to provide a PR | 16:25:19 |
 m1cr0man | I can't think of any reason removing the /.well-known/acme-challenge path from HTTPS (nginx) servers would cause any issues? https://github.com/NixOS/nixpkgs/pull/199033 If the test suite passes I'm happy. | 22:14:52 |
| m1cr0man | Ah of course.. ncfavier reminding me that port 80 with no redirect (aka forceSSL = false) is still technically a valid configuration ;) So this PR is no good, shouldn't be merged. | 23:34:41 |
| 2 Nov 2022 |
|  shapr left the room. | 12:44:42 |
| 5 Nov 2022 |
|  hjulle set a profile picture. | 04:09:44 |
| 6 Nov 2022 |
| m1cr0man | https://github.com/NixOS/nixpkgs/pull/199033#issuecomment-1304784282 Hopefully I phrased that well enough, but I don't want to merge that PR because it increases the complexity of the module for no real gain other than a shorter generated config in specific situations | 12:00:49 |
| 7 Nov 2022 |
|  CPU joined the room. | 01:10:57 |
| 8 Nov 2022 |
|  pbsds changed their profile picture. | 00:46:03 |
| 11 Nov 2022 |
|  evils left the room. | 21:52:46 |
| 16 Nov 2022 |
|  omlet joined the room. | 20:34:16 |
| 17 Nov 2022 |
 Andreas Schrägle | Hey. I've been getting kind of annoyed by letsencrypt texting me about my expiring certs, because I changed something about them and didn't revoke them. So, is there anything we can do to automate this?
Have people thought about this and documented their thoughts somewhere? | 21:55:23 |
| 18 Nov 2022 |
| hexa | sounds like a neat idea | 00:02:42 |
| omlet left the room. | 00:31:07 |
| 19 Nov 2022 |
|  uny left the room. | 23:02:51 |
| 20 Nov 2022 |
 K900 | https://hydra.nixos.org/build/199252313/nixlog/20 | 15:17:10 |
| K900 | What is even happening here | 15:17:15 |
| Andreas Schrägle | openssl x509 -noout -dates < ~/nixpkgs/nixos/tests/common/acme/server/acme.test.cert.pem
notBefore=Oct 21 13:28:36 2020 GMT
notAfter=Nov 20 13:28:36 2022 GMT
| 15:35:59 |
| K900 | Why are we hardcoding those anyway, m | 15:40:41 |
| K900 | * Why are we hardcoding those anyway? | 15:40:44 |
| Andreas Schrägle | there's a readme explaining it in that directory | 15:41:28 |
| K900 | No but like | 15:45:40 |
| K900 | Why can't we just generate them as part of the test | 15:45:48 |
| Andreas Schrägle | maybe because they're not only used in this test?
maybe that would be a solution in general. the readme links a lengthy discussion, which I apparently read at the time, because I reacted to some things, but don't really remember. | 15:48:28 |
| Andreas Schrägle | short term, regenerating them will unblock the channel. I'd suggest we do that and then someone can think about a potentially better solution. | 15:49:33 |
| K900 | Agreed | 15:50:56 |
| 26 Nov 2022 |
| K900 | The test broke again :( | 06:57:25 |
| K900 | https://hydra.nixos.org/build/200012010/nixlog/8 | 06:57:27 |
| hexa | to be fair, there was no fix yet 🙂 | 18:10:47 |
