!MthpOIxqJhTgrMNxDS:nixos.org

NixOS ACME / LetsEncrypt

85 Members
Another day, another cert renewal
38 Servers

Sender Message Time
16 Dec 2023
@raitobezarius:matrix.org raitobezarius I actually followed the docs 15:22:17
@raitobezarius:matrix.org raitobezarius
# A configuration example of a full node setup using this would be this:
#
# {
#   acme = import ./common/acme/server;
#
#   example = { nodes, ... }: {
#     networking.nameservers = [
#       nodes.acme.networking.primaryIPAddress
#     ];
#     security.pki.certificateFiles = [
#       nodes.acme.test-support.acme.caCert
#     ];
#   };
# }

15:22:19
@raitobezarius:matrix.org raitobezarius Also, it seems to occur during evaluation of … while evaluating the option `nodes.acme.warnings': 15:24:43
@raitobezarius:matrix.org raitobezarius * Also, it seems to occur during evaluation of … while evaluating the option `nodes.acme.warnings': 15:24:48
@raitobezarius:matrix.org raitobezarius hah it's a bug 15:26:40
@raitobezarius:matrix.org raitobezarius BIND maintenance is really meh 15:26:56
@raitobezarius:matrix.org raitobezarius or ACME common code maintenance is meh 15:34:26
@raitobezarius:matrix.org raitobezarius It can go both ways, anyway, found a bug 15:34:30
@raitobezarius:matrix.org raitobezarius the parser of /etc/hosts is also more generically broken 16:03:02
* @raitobezarius:matrix.org raitobezarius found another one-character bug 16:08:08
18 Dec 2023
@m1cr0man:m1cr0man.com m1cr0man I would take acme common code maint being meh, it hasn't been touched in ages 06:55:50
@m1cr0man:m1cr0man.com m1cr0man needs a whole rewrite, too unreliable 06:56:05
31 Jan 2024
@atra1n:matrix.org Train

Whenever I try to get a certificate, it always tries to use my local DNS:

lego --email email --dns domain --domains domain run
2024/01/31 13:09:58 [INFO] [domain] acme: Obtaining bundled SAN certificate
2024/01/31 13:09:58 [INFO] [domain] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/XXXXXXXXXX
2024/01/31 13:09:58 [INFO] [domain] acme: Could not find solver for: tls-alpn-01
2024/01/31 13:09:58 [INFO] [domain] acme: Could not find solver for: http-01
2024/01/31 13:09:58 [INFO] [domain] acme: use dns-01 solver
2024/01/31 13:09:58 [INFO] [domain] acme: Preparing to solve DNS-01
2024/01/31 13:09:59 [INFO] [domain] acme: Trying to solve DNS-01
2024/01/31 13:09:59 [INFO] [domain] acme: Checking DNS record propagation using [127.0.0.53:53]
2024/01/31 13:10:01 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
2024/01/31 13:10:01 [INFO] [domain] acme: Waiting for DNS record propagation.
2024/01/31 13:10:03 [INFO] [domain] acme: Waiting for DNS record propagation.
2024/01/31 13:10:05 [INFO] [domain] acme: Waiting for DNS record propagation.
2024/01/31 13:10:07 [INFO] [domain] acme: Waiting for DNS record propagation.
2024/01/31 13:10:09 [INFO] [domain] acme: Waiting for DNS record propagation.
2024/01/31 13:10:11 [INFO] [domain] acme: Waiting for DNS record propagation.
19:13:23
@atra1n:matrix.org Train Is it normal to use a loopback address such as this one: 127.0.0.53:53 19:13:48
@atra1n:matrix.org Train * Is it normal to use a loopback address such as this one: 127.0.0.53:53? 19:17:30
@ajs124:ajs124.de ajs124 if you're using systemd resolved, yes 22:02:01
1 Feb 2024
@m1cr0man:m1cr0man.com m1cr0man
In reply to @atra1n:matrix.org
Is it normal to use a loopback address such as this one: 127.0.0.53:53?
Yes and you can also set it through the ACME options :)
00:36:31
7 Feb 2024
@netpleb:matrix.org netpleb I am getting: 2024/02/07 21:34:52 Could not create client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": dial tcp: lookup acme-v02.api.letsencrypt.org: Temporary failure in name resolution with self-hosted bind (followed the manual) dns-01 validation 21:38:12



Room Version: 6