| 28 Mar 2025 |
|  Rayane Nakib (ريّان نقيب) changed their display name from Rayane Nakib (ريان نقيب) to Rayane Nakib (ريّان نقيب). | 22:52:02 |
| 1 Apr 2025 |
|  Sandro 🐧 changed their display name from Sandro 🐧 to Sandro 🐧 [c3d2]. | 13:57:36 |
| Sandro 🐧 changed their display name from Sandro 🐧 [c3d2] to Sandro 🐧. | 13:59:16 |
| 4 Apr 2025 |
|  @qbit:tapenet.org left the room. | 15:55:33 |
| 5 Apr 2025 |
|  @tinybronca:sibnsk.net removed their display name underpantsgnome. | 15:53:09 |
| @tinybronca:sibnsk.net left the room. | 15:56:20 |
| 19 Apr 2025 |
 hexa | ok, so bummer | 22:48:50 |
| hexa | enabling ARI caused lego to keep waiting | 22:49:54 |
| hexa | 2025/04/19 22:39:09 [INFO] [music.lossy.network] acme: renewalInfo endpoint indicates that renewal is needed
2025/04/19 22:39:09 [INFO] [music.lossy.network] Sleeping 21h43m27.656213001s until renewal time 2025-04-20 20:22:37.463135258 +0000 UTC
| 22:49:56 |
| hexa | but that resulted in nginx not starting up | 22:50:03 |
| hexa | because it depends on all the acme-${domain}.service units | 22:50:28 |
 emily | hm, I thought we were going to set it to just not wait? | 22:52:10 |
| hexa | and we did not set it to anything in nixpkgs | 22:54:08 |
| hexa | but I set it to something on my private infra | 22:54:16 |
| emily | right | 23:00:12 |
| emily | I think the current format will only work well when set to not wait at all | 23:00:19 |
| emily | (which should be fine as the cron job runs often anyway, though we might want to bump it) | 23:00:29 |
| 21 Apr 2025 |
 m1cr0man | There was some talk about bumping it when they announced the lower lifetime certs. Wouldn't be the worst thing to do. | 19:18:58 |
| 22 Apr 2025 |
| hexa | now 47 days was announced to be the next shorter lifespan | 23:08:50 |
| hexa | and I don't think it warrants trying more than daily for 7-14 days | 23:09:13 |
| hexa | * and I don't think it warrants trying more than daily | 23:09:33 |
| hexa | for 6 days that changes of course | 23:09:45 |
| 28 Apr 2025 |
| m1cr0man | https://github.com/NixOS/nixpkgs/pull/376334#pullrequestreview-2801003367 this is ready to go. I tested it too. | 21:26:09 |
| 29 Apr 2025 |
|  @ygt:matrix.org left the room. | 23:42:45 |
| 5 May 2025 |
 netpleb | hi everyone, does anybody have a workaround that fixes this pesky dns resolution issue when acme.certs... and BIND are running in a declarative nixos container?
Could not create client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": GET https://acme-v02.api.letsencrypt.org/directory giving up after 6 attempt(s): Get "https://acme-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-v02.api.letsencrypt.org: Temporary failure in name resolution
| 17:59:16 |
| netpleb | what seems to be happening is that acme is starting so early that the container is unable to route things yet. Maybe the host has not installed routes yet? but that somehow acme blocks until it times out. | 18:00:34 |
