| 26 Oct 2025 |
|  Sir_Morton joined the room. | 15:34:39 |
|  @neobrain:matrix.org joined the room. | 21:28:44 |
| 27 Oct 2025 |
| @neobrain:matrix.org left the room. | 07:34:36 |
| 7 Nov 2025 |
|  @atra1n:matrix.org removed their profile picture. | 16:36:32 |
| @atra1n:matrix.org removed their display name Train. | 16:36:52 |
| @atra1n:matrix.org left the room. | 16:37:04 |
|  @emma:rory.gay left the room. | 22:41:45 |
| 12 Nov 2025 |
|  Inayet changed their display name from inayet to Inayet. | 12:37:54 |
| 19 Nov 2025 |
|  @alina:catgirl.cloud left the room. | 15:01:52 |
| 2 Dec 2025 |
 hexa | Redacted or Malformed Event | 15:43:04 |
| hexa | https://letsencrypt.org/2025/12/02/from-90-to-45.html | 15:43:10 |
| hexa | https://datatracker.ietf.org/doc/html/draft-sheurich-acme-dns-persist-01 | 15:45:57 |
| hexa | persistent DNS TXT records as proof of domain control | 15:46:08 |
| hexa | if that works out that feels like it will be big | 15:46:38 |
| hexa | shortlived is still "locked behind an allowlist" | 15:47:16 |
| 10 Dec 2025 |
 Sandro 🐧 | FYI: https://github.com/NixOS/nixpkgs/pull/467908 | 23:35:40 |
| 14 Dec 2025 |
| hexa | https://datatracker.ietf.org/doc/draft-ietf-acme-device-attest/ | 14:12:18 |
| hexa | wondering if the security.acme module will have to support enterprise pki in the future 🙂 | 14:22:21 |
 Arian | Smallstep implements this and we have a module for it in nixos I think | 17:08:17 |
| 24 Dec 2025 |
| hexa | ok, so shortlived certificates are "6ish days" | 00:17:22 |
| hexa | or exactly 160h | 00:17:25 |
| hexa | specifying the remainder in valid days seems less useful 😄 | 00:17:48 |
| hexa | I'd be fine with less than 72h remaining, ok that's three days | 00:19:06 |
| hexa | but the renew timer should run more often than daily | 00:19:19 |
| hexa | * but now the renew timer should run more often than daily | 00:19:23 |
| hexa | 
Download image.png | 00:40:59 |
| hexa | validMinDays = 3;
renewInterval = "3/6:00:00";
extraLegoRunFlags = [ "--profile=shortlived" ];
extraLegoRenewFlags = [ "--profile=shortlived" ];
| 00:41:26 |
| hexa | oh, I think the profile option was backported | 00:41:39 |
| hexa | * oh, I think the profile option was backported, so that can be shortened to | 00:44:34 |
| hexa | validMinDays = 3;
renewInterval = "3/6:00:00";
profile = "shortlived";
| 00:44:37 |
