| 8 Jan 2022 |
Winter (she/her) | Sorry about that | 16:18:49 |
Winter (she/her) | * Oh, that’s… much simpler than what I was thinking (and much more obvious). | 16:19:18 |
Winter (she/her) | * Sorry about that! | 16:19:27 |
m1cr0man | Hah no bother! 😅 I mean, it's not that simple really, there's a lot of nesting there, and a lot of background info required | 17:01:36 |
m1cr0man | Winter (she/her) sorry meant to approve that earlier in the night but done now, nice job | 23:04:53 |
Winter (she/her) | you did half of the work tbh, but thanks! | 23:05:18 |
| 9 Jan 2022 |
m1cr0man | Aaaand I'm finally using wildcard certs for my own domain, lol. It sounds kinda bad given I maintain it, but really I was maintaining a much larger system using acme + DNS challenges up until last year | 01:20:40 |
| 10 Jan 2022 |
m1cr0man | whOOOps. I was today years old when I learned that a wildcard cert would not actually cover the root of the domain :P Matrix synapse silently broke overnight, since everyone started rejecting my domain | 19:24:44 |
Winter (she/her) | Oh yeah I learned that too lol, I just changed to adding the wildcard to extraDomains and keeping it named the root domain | 19:40:37 |
Winter (she/her) | Very fun | 19:40:43 |
hexa | In reply to @m1cr0man:m1cr0man.com ("whOOOps. I was today years old when I learned that a wildcard cert would not actually cover the root of the domain :P Matrix synapse silently broke overnight, since everyone started rejecting my domain"): you mean … the origin? | 20:11:18 |
hexa | fwiw, *.example.com cannot be the common name, and therefore not the only SAN | 20:11:41 |
hexa | so I added example.com | 20:11:51 |
hexa | how did you get around that limitation? | 20:12:01 |
Winter (she/her) | In reply to @hexa:lossy.network ("how did you get around that limitation?"): are you asking about a certificate whose only domain is a wildcard? | 20:13:24 |
hexa | yep | 20:13:35 |
Winter (she/her) | i’m not sure — it just worked for me until i realized I needed to also add the root domain | 20:14:09 |
m1cr0man | Yeah, it just worked for me too | 20:14:57 |
m1cr0man | it wasn't until I tried to browse to my root domain that I realised it wasn't working. I did the same as winter... but also the opposite :P I put my root domain in the SANs | 20:15:32 |
hexa | security.acme.certificates."*.example.com" worked for you? | 20:15:54 |
m1cr0man | fwiw, this is what I've documented as "the way" on the nixos manual, so I gotta fix that | 20:15:56 |
m1cr0man | no :) I did it the way it is in the manual | 20:16:08 |
hexa | who the hell reads the manual | 20:16:14 |
m1cr0man | so the key is "m1cr0man.com", but I manually set the domain attr to "*.m1cr0man.com" | 20:16:28 |
hexa | haha okay | 20:16:35 |
m1cr0man | ... you know swapping the SAN and domain makes a lot of sense now winter lol | 20:16:39 |
m1cr0man | This is what happens when you write docs in post :P | 20:17:03 |
Winter (she/her) | BTW hexa, you mind taking a look at https://github.com/NixOS/nixpkgs/pull/153942? | 20:17:35 |
Winter (she/her) | * BTW hexa, would you mind taking a look at https://github.com/NixOS/nixpkgs/pull/153942 ? | 20:17:43 |