| 4 Oct 2021 |
hexa | (in reply to @aanderse:nixos.dev: "any chance we need to update LEGO? ... or iunno... anything? i think the letsencrypt root cert expired recently and one of my certs is having issues when being used with prosody i don't have many details, sorry, short on time") updated lego nevertheless. https://github.com/NixOS/nixpkgs/pull/140479 | 12:54:44 |
hexa | (in reply to @hexa:lossy.network: "some location block shadowing the webroot?") try removing the location blocks one by one to rule them out | 12:55:14 |
Dandellion | Mhm, will try | 12:55:49 |
hexa | also check your nginx log, it might show you the full path it tried | 12:56:14 |
aanderse | thanks | 12:56:29 |
Dandellion | (in reply to @hexa:lossy.network: "try removing the location blocks one by one to rule them out") For some crazy reason I had
services.nginx.virtualHosts = {
  "acmechallenge.dodsorf.as" = {
    # Catchall vhost, will redirect users to HTTPS for all vhosts
    serverAliases = [ "*.dodsorf.as" ];
    # /var/lib/acme/.challenges must be writable by the ACME user
    # and readable by the Nginx user.
    # By default, this is the case.
    locations."/.well-known/acme-challenge" = {
      root = "/var/lib/acme/.challenges";
    };
    locations."/" = {
      return = "301 https://$host$request_uri";
    };
  };
};
in my config | 20:38:31 |
hexa | 🙂 | 20:39:13 |
Dandellion | which it seems I copied from here https://nixos.org/manual/nixos/stable/#module-security-acme-configuring | 20:39:35 |
Dandellion | probably from when I was using traefik or something :) | 20:40:15 |
Dandellion | Thanks for your help! | 20:40:27 |
hexa | np | 20:47:58 |
| 6 Oct 2021 |
m1cr0man | Hey folks 👋 been a while since I've been on Matrix 😅 How are things? Seeing the news about the acme root cert stuff last week, it was nice to know that our module was not going to result in any issues 💪 😉 | 20:21:14 |
hexa | yeah, the module is really awesome, and we are iterating in small steps on it to make it even better! | 20:47:23 |
hexa | two things on the 21.11 agenda | 20:47:33 |
hexa | https://github.com/NixOS/nixpkgs/pull/139311 (hardening fix)
https://github.com/NixOS/nixpkgs/pull/140743 (design)
https://github.com/NixOS/nixpkgs/pull/125256 (stale)
https://github.com/NixOS/nixpkgs/pull/140479 (merged) | 20:48:43 |
| 12 Oct 2021 |
@grahamc:nixos.org | I don't suppose our module supports DNS01 challenges? | 15:01:20 |
@grahamc:nixos.org | security.acme.certs.<name>.dnsProvider hmm it seems to... time to read the module | 15:02:12 |
@grahamc:nixos.org | hot dog https://github.com/NixOS/nixpkgs/blob/nixos-21.05/nixos/modules/security/acme.nix#L125-L131 | 15:02:35 |
@grahamc:nixos.org | this is so much easier than it used to be | 15:03:22 |
hexa | since 20.09 😁 | 15:06:09 |
Arian | You're welcome! | 15:11:05 |
| 16 Oct 2021 |
hexa | m1cr0man: need feedback here https://github.com/NixOS/nixpkgs/pull/139311 | 15:59:03 |
| 25 Oct 2021 |
m1cr0man | Hehe my own certs were broke :P I think some part of the certhash logic failed.. might need to investigate that. I'm not quick to blame the service though because I (naturally) mess around with it so much | 18:54:27 |
m1cr0man | Sorry I was AWOL I've been very busy | 18:54:40 |