!MthpOIxqJhTgrMNxDS:nixos.org

NixOS ACME / LetsEncrypt

105 Members
Another day, another cert renewal46 Servers

Load older messages

SenderMessageTime
2 Dec 2025
@hexa:lossy.networkhexapersistent DNS TXT records as proof of domain control15:46:08
@hexa:lossy.networkhexaif that works out that feels like it will be big15:46:38
@hexa:lossy.networkhexashortlived is still "locked behind an allowlist"15:47:16
10 Dec 2025
@sandro:supersandro.deSandro 🐧FYI: https://github.com/NixOS/nixpkgs/pull/46790823:35:40
14 Dec 2025
@hexa:lossy.networkhexahttps://datatracker.ietf.org/doc/draft-ietf-acme-device-attest/14:12:18
@hexa:lossy.networkhexawondering if the security.acme module will have to support enterprise pki in the future 🙂 14:22:21
@arianvp:matrix.orgArianSmallstep implements this and we have a module for it in nixos I think17:08:17
24 Dec 2025
@hexa:lossy.networkhexaok, so shortlived certificates are "6ish days"00:17:22
@hexa:lossy.networkhexaor exactly 160h00:17:25
@hexa:lossy.networkhexaspecifying the remainder in valid days seems less useful 😄 00:17:48
@hexa:lossy.networkhexaI'd be fine with less than 72h remaining, ok that's three days00:19:06
@hexa:lossy.networkhexabut the renew timer should run more often than daily00:19:19
@hexa:lossy.networkhexa* but now the renew timer should run more often than daily00:19:23
@hexa:lossy.networkhexaimage.png
Download image.png		00:40:59
@hexa:lossy.networkhexa 
      validMinDays = 3;
      renewInterval = "3/6:00:00";
      extraLegoRunFlags = [ "--profile=shortlived" ];
      extraLegoRenewFlags = [ "--profile=shortlived" ];
00:41:26
@hexa:lossy.networkhexaoh, I think the profile option was backported00:41:39
@hexa:lossy.networkhexa* oh, I think the profile option was backported, so that can be shortened to00:44:34
@hexa:lossy.networkhexa 
      validMinDays = 3;
      renewInterval = "3/6:00:00";
      profile = "shortlived";
00:44:37
26 May 2021
@grahamc:nixos.org@grahamc:nixos.org set the history visibility to "world_readable".20:36:34
@grahamc:nixos.org@grahamc:nixos.org changed the room name to "" from "".20:36:34
@server_stats:nordgedanken.devServer Stats Discoverer (traveler bot) joined the room.20:36:42
@grahamc:nixos.org@grahamc:nixos.org invited @m1cr0man:m1cr0man.comm1cr0man.20:36:47
@grahamc:nixos.org@grahamc:nixos.orgchanged room power levels.20:36:52
@m1cr0man:m1cr0man.comm1cr0man joined the room.20:37:09
@dandellion:dodsorf.asDandellion joined the room.20:38:19
@emilazy:matrix.orgemily joined the room.20:43:31
@hexa:lossy.networkhexa joined the room.20:44:30
@m1cr0man:m1cr0man.comm1cr0man set the room topic to "Another day, another cert renewal".20:46:02
@voyager:t2bot.ioMatrix Traveler (bot) joined the room.20:51:53
@sumner:sumnerevans.comsumner joined the room.21:00:03

Show newer messages

Back to Room ListRoom Version: 6