| 18 Sep 2022 |
m1cr0man | https://github.com/go-acme/lego/pull/1657 lol just ran into this running tests. I'm gonna add -no-random-sleep in the test suite | 23:14:55 |
| 19 Sep 2022 |
m1cr0man | WIP PR: https://github.com/NixOS/nixpkgs/pull/191861/files#diff-352faa44c3da86e70bd6b5a55ff13f0a900b0f2fac44229f352ed1fd5b93a262R486
Can you believe we didn't have a basic test for cert renewal? :P | 00:16:14 |
m1cr0man | https://github.com/NixOS/nixpkgs/issues/180980 I really don't understand this ticket after an hour of reading | 19:46:08 |
m1cr0man | From what I gather he's setting an explicit default server, but not all domains designated for HTTP-01 solving are set up with appropriate vhosts? He's relying on default_server behaviour to provide .well-known/acme-challenge to them. The nginx module doesn't set up a default_server by default and I can't see how I would introduce one without breaking existing configurations in some way, so is his own solution in the second last comment solving the whole ticket? | 19:48:42 |
| 4 Oct 2022 |
m1cr0man | Hey folks. Anyone been able to look at https://github.com/NixOS/nixpkgs/pull/191861 ? There's a thread there about adding no-random-sleep to the default options. I think it makes sense due to how it will cause the renew service to run longer than necessary (and thus delay startup of dependent services), but this will update certHash and thus invalidate all existing certificates on all servers. I'd want to do that with the next release cycle which is coming up really soon. What do yous think of adding that option? | 21:03:13 |
m1cr0man | I could add it here: https://github.com/m1cr0man/nixpkgs/blob/100dd8157d0843429081c31e76108897a27e7c06/nixos/modules/security/acme/default.nix#L192 which would not induce such a change. In fact, yeah I'll do that. This random delay does more harm than good, and hard coding it into the module will help rather than hinder. | 21:05:44 |
hexa | could you report the state of the acme module in https://github.com/NixOS/nixpkgs/issues/194208? | 21:24:43 |
hexa | like open issues you plan to tackle before the release | 21:24:54 |
m1cr0man | yeah that's why I'm looking over this :) will do | 21:25:41 |
hexa | thanks! 😄 | 21:27:05 |
m1cr0man | Alright done :) | 21:53:56 |
| 9 Oct 2022 |
shapr | Hello, I'm having problems with acme. Here's my entire configuration.nix. The error I get is:
```
Oct 08 23:32:51 surtr nginx[88563]: 2022/10/08 23:32:51 [error] 88563#88563: *3038 open() "/var/lib/acme/acme-challenge/.well-known/acme-challenge/QRZ9CmjhedoazA3YKZaevRybxjy415mk-1OPiYmP9IY" failed (2: No such file or directory), client: 23.178.112.208, server: scannedinavian.com, request: "GET /.well-known/acme-challenge/QRZ9CmjhedoazA3YKZaevRybxjy415mk-1OPiYmP9IY HTTP/1.1", host: "scannedinavian.com"
```
Any idea why it's trying to serve from /var/lib/acme when I've set the webroot to /var/www? | 17:11:55 |
shapr | I found the problem! This line was setting the location incorrectly! | 20:44:55 |
| 17 Oct 2022 |
Winter (she/her) | Is it normal for (a) the renewal timers to fire on each reboot, and (b) for it to not be daily, as specified in the timer file? | 03:02:39 |
Winter (she/her) | Here's what I mean:
```
Until: Sun 2022-10-16 22:57:57 EDT; 26s ago
Trigger: Mon 2022-10-17 05:09:17 EDT; 6h left
``` | 03:02:54 |
Winter (she/her) | (Sorry for the screwed up formatting, I'm trying to edit it but my client keeps crashing.) | 03:04:04 |
Winter (she/her) | It just seems weird -- that certainly isn't daily, and I don't think the random skew thing has any impact on this? | 03:04:31 |
Winter (she/her) | Unless it'll then fire at 05:09:17 every day | 03:04:44 |
Winter (she/her) | (well, until the next reboot, I guess) | 03:04:50 |
Winter (she/her) | Definitely weird how it fires every reboot no matter what, though. | 03:05:10 |
Winter (she/her) | (Also wow that Until: ... is confusing wording, maybe I can ask what upstream thinks about changing it.) | 03:05:46 |
Winter (she/her) | Upon another reboot:
```
Until: Sun 2022-10-16 23:30:55 EDT; 1min 8s ago
Trigger: Mon 2022-10-17 05:09:17 EDT; 5h 37min left
``` | 03:32:36 |
Winter (she/her) | I noticed the stamp file seems to be holding an mtime from a few hours ago, and isn't being updated by these runs. | 03:34:11 |
Winter (she/her) | Weird! | 03:34:12 |
Winter (she/her) | Wonder what happens if I delete it and reboot. | 03:34:31 |
Winter (she/her) | It gets recreated as expected, gonna reboot again. I assume it won't be updated. | 03:37:26 |
Winter (she/her) | Yup, isn't updated, timer still fires at reboot. | 03:38:49 |
hexa | In reply to @winterqt:nixos.dev: "Definitely weird how it fires every reboot no matter what, though." that is likely Persist=yes, it will run on reboot if it should have run in the meantime | 08:03:22 |