!MthpOIxqJhTgrMNxDS:nixos.org

NixOS ACME / LetsEncrypt

86 Members
Another day, another cert renewal39 Servers

Load older messages

SenderMessageTime
17 Apr 2024
@k900:0upti.meK900 17:21:54
27 Apr 2024
@ygt:matrix.orgnadir joined the room.18:22:49
28 Apr 2024
@a-kenji:matrix.orga-kenji joined the room.10:00:00
29 Apr 2024
@mjolnir:nixos.orgNixOS Moderation Botchanged room power levels.15:29:14
1 May 2024
@mjolnir:nixos.orgNixOS Moderation Botchanged room power levels.15:07:28
13 May 2024
@arianvp:matrix.orgArian left the room.17:44:28
22 May 2024
@mjolnir:nixos.orgNixOS Moderation Botchanged room power levels.15:25:55
@mjolnir:nixos.orgNixOS Moderation Botchanged room power levels.15:28:10
23 May 2024
@cblacktech:matrix.orgcblacktech joined the room.21:59:57
28 May 2024
@sandro:supersandro.deSandro 🐧 joined the room.08:25:34
29 May 2024
@raitobezarius:matrix.orgraitobezarius changed their display name from raitobezarius to raitobezarius (DECT: 7248).17:08:24
1 Jun 2024
@k900:0upti.meK900I feel like some recent change made the ACME test way more flaky16:58:33
@k900:0upti.meK900Somewhere in the past few days16:59:25
3 Jun 2024
@arianvp:matrix.orgArian joined the room.08:07:27
@arianvp:matrix.orgArianapparently we merged a change that changes the account dir hash and is causing mass renewals and account id renewal?https://github.com/NixOS/nixpkgs/issues/316608 Anybody any idea how we can fix this before it causes more damage? Should we backport some conditional that uses the old hashing scheme based on stateVersion? Need to come up with some pragmatic solution08:09:44
@arianvp:matrix.orgArian TIL that toString null returns the string " " lol 08:10:17
@arianvp:matrix.orgArianNix is a special language for sure08:10:32
@k900:0upti.meK900Uhh08:10:58
@k900:0upti.meK900That's a very stupid behavior in lego tbh08:11:03
@arianvp:matrix.orgArianThis is not Lego. this is us08:11:10
@arianvp:matrix.orgArianI think?08:11:15
@k900:0upti.meK900Oh OK yeah it is us08:12:00
@k900:0upti.meK900https://github.com/SuperSandro2000/nixpkgs/blob/6e294f40db992635e4aa566789ac3560ed1f9b1a/nixos/modules/security/acme/default.nix#L1608:12:00
@arianvp:matrix.orgArian so acmeServer used to be null 08:12:19
@arianvp:matrix.orgArianand we change it to the letsencrypt uri08:12:35
@k900:0upti.meK900But how is it leaking into CAA records then08:13:01
@k900:0upti.meK900Is what I don't get08:13:03
@arianvp:matrix.orgArianYou can bind your CAA record to your account ID these days08:13:35
@k900:0upti.meK900Oh08:13:40
@arianvp:matrix.orgArianit's a new extension to ACME protocol08:13:42

Show newer messages

Back to Room ListRoom Version: 6