| 26 Dec 2021 |
m1cr0man | My logic at this point is if it can be done easily, we don't need to reimplement it. This is a case like that. If someone was trying to override the user itself, that would be more complex (and why I added useRoot in the PR, lol) | 21:12:15 |
m1cr0man | speaking of the PR | 21:12:17 |
m1cr0man | finally rebased :D | 21:13:17 |
hexa | waiting for aanderse to take a look 🙂 | 21:49:11 |
m1cr0man | ok | 21:49:38 |
aanderse | which one? | 21:49:44 |
m1cr0man | this one https://github.com/NixOS/nixpkgs/pull/147784 | 21:53:39 |
m1cr0man | I found an issue with caddy, at least I'm 80% sure I did | 21:53:49 |
aanderse | thanks! I'll look tonight | 21:54:41 |
aanderse | hmmm ok my cert takes 30 minutes to renew (no, I'm not being sarcastic at all ... between 20 and 30 minutes) so i actually haven't tested that it worked - i cannot properly | 21:56:28 |
Winter (she/her) | tf lol | 21:59:24 |
Winter (she/her) | is that on the server side? | 21:59:42 |
m1cr0man | In reply to @aanderse:nixos.dev ("hmmm ok my cert takes 30 minutes to renew (no, I'm not being sarcastic at all ... between 20 and 30 minutes) so i actually haven't tested that it worked - i cannot properly"): You can nix-build the test suite now if you need a quick testing solution. Just comment out all the other subtests ;) | 22:14:59 |
aanderse | Winter: yes. i like my dns provider because they have an awesome feature set and are a good price. i do not like how it takes 30 minutes for my wildcard to renew 😑 | 22:16:24 |
aanderse | but since it's a wildcard i only need to do the one cert | 22:16:52 |
aanderse | that happens on a timer so it's not a practical issue | 22:17:24 |
m1cr0man | If your config is based on master/your own PR, you should be able to tell if renew has worked based on the age of the cert your caddy server is giving out right? | 22:20:36 |
aanderse | that sounds right | 22:37:08 |
hexa | I use rfc2316 with my own authoritative server and by default lego waits a minute between each SAN | 22:42:48 |
hexa | if I reduce that time to ~10s it fails sometimes | 22:43:06 |
hexa | which is worrying | 22:43:13 |
hexa | like … why wouldn't 10 seconds work for a dynamic dns update 😕 | 22:43:22 |
Winter (she/her) | In reply to @aanderse:nixos.dev ("Winter: yes. i like my dns provider because they have an awesome feature set and are a good price. i do not like how it takes 30 minutes for my wildcard to renew 😑"): what DNS provider if I may ask? | 22:55:50 |
aanderse | namesilo | 23:03:50 |
moritz.hedtke | In reply to @hexa:lossy.network ("like … why wouldn't 10 seconds work for a dynamic dns update 😕"): I could imagine because of the issues documented in https://letsencrypt.org/2020/02/19/multi-perspective-validation.html | 23:58:53 |
moritz.hedtke | If I understood correctly what you mean | 23:59:04 |
| 27 Dec 2021 |
moritz.hedtke | when I think about it the reasoning doesn't make sense in that case | 00:00:05 |
moritz.hedtke | TTL? | 00:00:19 |
hexa | moritz.hedtke: the record doesn't exist before the validation try | 00:02:41 |
hexa | so negcache at worst | 00:02:57 |