| 29 Jan 2025 |
 K900 ⚡️ | It seems like it's just correlated with machine loa | 07:50:57 |
| K900 ⚡️ | * It seems like it's just correlated with machine load | 07:50:58 |
 Arian | :(( | 13:02:12 |
| Arian | Nuclear option: do we wanna disable the tests on at least unstable for now? | 13:02:26 |
| Arian | I feel bad for this being a channel blocker | 13:02:32 |
| K900 ⚡️ | I don't think we should | 13:19:47 |
| K900 ⚡️ | If it actually breaks, we'll get a bunch of people offline | 13:20:02 |
| K900 ⚡️ | I'm fine kicking it every now and then to make sure that doesn't happen | 13:20:22 |
 m1cr0man | I nearly have the test suite rewritten - working on webserver test isolation now. It will be a lot more reliable, and we can disable tests piecemeal instead of disabling the whole suite if it gets flakey again. | 17:28:03 |
| K900 ⚡️ | ❤️ | 18:03:25 |
| m1cr0man | Are you KIDDING me? There's an option on pebble that sets a percentage failure for cert validation? https://github.com/letsencrypt/pebble?tab=readme-ov-file#invalid-anti-replay-nonce-errors | 19:04:31 |
| m1cr0man | It's been in there for 8 years apparently 🫠 probably not the source of the main problems but still, I've disabled it | 19:07:39 |
| K900 ⚡️ | Uhh | 19:13:13 |
| K900 ⚡️ | I think that's a good thing actually? | 19:13:17 |
| K900 ⚡️ | It seems useful to verify lego behaves correctly in that case | 19:13:30 |
| m1cr0man | This has been a decision from the get-go: We are not testing lego, we are testing the Nix module. I have 0 interest in testing behaviour of lego outside of standard operation. | 20:16:47 |
| 2 Feb 2025 |
| m1cr0man | https://github.com/NixOS/nixpkgs/issues/374792#issuecomment-2629203727 | 02:07:22 |
| 6 Feb 2025 |
|  Jeff changed their profile picture. | 06:10:06 |
| 15 Feb 2025 |
|  BenjB83 joined the room. | 10:19:26 |
| BenjB83 changed their display name from Benjamín Buske to BenjB83. | 10:43:22 |
| 16 Feb 2025 |
 ThinkChaos | I'm looking at what can be done to create the ACME account separately of fetching a cert again because of the impending Revert "nixos/nginx: not "before" ACME certs using DNS validation".
m1cr0man Have you already brought up adding a lego sub-command that only creates the account with them?
That looks like something I can try to contribute there, so I'm curious if there's relevant discussion I didn't find. | 22:13:39 |
| m1cr0man | I haven't reached out to lego about that specifically. It would be a nice thing to have for sure | 22:43:14 |
| m1cr0man | We could then add it to the setup service | 22:43:23 |
| ThinkChaos | Ok, I'll look into it more | 22:43:59 |
| ThinkChaos | Exactly, the goal behind it is to simplify the unit dependencies | 22:44:34 |
| 17 Feb 2025 |
 hexa | I don't think we currently support ACME Renwal Info (ARI), because don't execute lego when the certificate is not yet outdated | 16:55:13 |
| hexa | https://github.com/go-acme/lego/pull/1912 | 16:55:14 |
 emily | I thought we execute lego like every 24 hours | 16:56:10 |
| hexa | LE are currently sending out mail to their subscribers with recommendations | 16:56:11 |
| emily | did that get conditionalized? | 16:56:15 |
