!MthpOIxqJhTgrMNxDS:nixos.org

NixOS ACME / LetsEncrypt

116 Members
Another day, another cert renewal49 Servers

Load older messages

SenderMessageTime
6 Mar 2026
@ctheune:matrix.flyingcircus.ioTheuni changed their display name from Christian Theune to Theuni.19:57:15
11 Mar 2026
@ctheune:matrix.flyingcircus.ioTheuni changed their display name from Theuni to Christian Theune.14:11:06
12 Mar 2026
@ctheune:matrix.flyingcircus.ioTheuni changed their display name from Christian Theune to Theuni.07:17:22
13 Mar 2026
@katzenmann:frei.chat@katzenmann:frei.chat joined the room.20:58:51
@hexa:lossy.networkhexagot two support requests today for21:08:18
@hexa:lossy.networkhexa
Could not validate ARI 'replaces' field :: requester account did not request the certificate being replaced by this order
21:08:20
@katzenmann:frei.chat@katzenmann:frei.chat left the room.21:08:35
@hexa:lossy.networkhexathis happens when the email address for a certificate gets changed21:08:41
@hexa:lossy.networkhexaone solution is to yank the whole cert and request a new one21:08:57
@hexa:lossy.networkhexawondering if we can and want to try to couple certificates harder with the account name21:09:45
14 Mar 2026
@m1cr0man:m1cr0man.comm1cr0manhow does this happen? Like is there cert authorities that let you do it OOB?01:29:52
@hexa:lossy.networkhexasecurity.acme.defaults.email = "foo" -> "bar"01:36:13
@hexa:lossy.networkhexathen we register a new account I guess01:36:24
@hexa:lossy.networkhexabut the regular quiet renews ask for ari and that raises that error01:36:41
@hexa:lossy.networkhexafor existing certificates that were created under the foo account01:36:52
@emilazy:matrix.orgemilyLE don't even store emails any more, right?01:37:29
@emilazy:matrix.orgemilyso the email value is just … changing the hash of the account but not anything about the data that actually gets retained on their end?01:37:55
@hexa:lossy.networkhexathey don't, but other acme providers might01:39:33
@hexa:lossy.networkhexaa hash change registers a new account, right?01:39:49
@hexa:lossy.networkhexaso we have certs in store that don't belong to the new account and therefore fail renewal01:40:12
@emilazy:matrix.orgemilyright01:42:36
@emilazy:matrix.orgemilyI mean… it might make sense to warn if an email is set / omit it from the hash for LE servers, say01:43:08
@emilazy:matrix.orgemilybut that is its own migration separate01:43:23
15 Mar 2026
@jykrwn_bot:matrix.orgjykrwn_bot joined the room.00:32:18
26 May 2021
@grahamc:nixos.org@grahamc:nixos.org set the history visibility to "world_readable".20:36:34
@grahamc:nixos.org@grahamc:nixos.org changed the room name to "" from "".20:36:34
@server_stats:nordgedanken.devServer Stats Discoverer (traveler bot) joined the room.20:36:42
@grahamc:nixos.org@grahamc:nixos.org invited @m1cr0man:m1cr0man.comm1cr0man.20:36:47
@grahamc:nixos.org@grahamc:nixos.orgchanged room power levels.20:36:52
@m1cr0man:m1cr0man.comm1cr0man joined the room.20:37:09

Show newer messages

Back to Room ListRoom Version: 6