!MthpOIxqJhTgrMNxDS:nixos.org

NixOS ACME / LetsEncrypt

93 Members
Another day, another cert renewal
43 Servers



Sender Message Time
19 Oct 2024
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) 20241019_085330.png 08:20:14
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) This ☝️ is my DNS setup 08:20:23
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب)

And when I don't set webroot = null; in ACME config, I get this error:

error:
┃        Failed assertions:
┃        - Exactly one of the options
┃        `security.acme.certs.transmission.homelab.nakibrayan.com.dnsProvider`,
┃        `security.acme.certs.transmission.homelab.nakibrayan.com.webroot`,
┃        `security.acme.certs.transmission.homelab.nakibrayan.com.listenHTTP` and
┃        `security.acme.certs.transmission.homelab.nakibrayan.com.s3Bucket`
┃        is required.
┃        Current values: {
┃          dnsProvider = "cloudflare";
┃          listenHTTP = null;
┃          s3Bucket = null;
┃          webroot = "/var/lib/acme/acme-challenge";
08:23:14
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) how can I get a wildcard cert for *.domain.duckdns.org 15:41:40
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) and use it in my reverse proxy? 15:41:47
@k900:0upti.me K900 You can't 15:46:57
@k900:0upti.me K900 Unless DuckDNS provides arbitrary TXT records 15:47:04
@k900:0upti.me K900 The only way to get a wildcard ACME cert is a DNS challenge, which requires adding a TXT record to the domain root 15:47:19
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) https://www.youtube.com/watch?v=qlcVx-k-02E&pp=ygUVd29sZmdhbmdzIGNoYW5lbGwgc3Ns 15:48:27
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) in the video, the youtuber did it using nginx proxy manager, and without adding any txt records 15:48:51
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) * In this ☝️ video, the youtuber did it using nginx proxy manager, and without adding any TXT records. 15:49:16
@k900:0upti.me K900 They're using Cloudflare for DNS 15:51:02
@k900:0upti.me K900 Not DuckDNS 15:51:07
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) no, they used DuckDNS 15:51:26
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) I also own a domain that I manage using Cloudflare, could I use it for my homelab and my website at the same time? 15:51:50
@k900:0upti.me K900 Yes 15:51:54
@k900:0upti.me K900 They used DuckDNS, and then used Cloudflare to provide a CNAME 15:52:03
@k900:0upti.me K900 And get a certificate for that 15:52:07
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) Can you help me, because I don't have experience with this kind of thing. So, I will create: A record -> homelab -> 192.168.1.6 CNAME record -> *.homelab -> 192.168.1.6 15:53:50
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) is this correct? 15:53:53
@k900:0upti.me K900 Do you literally want your domain name to be homelab? 15:54:39
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) no 15:54:46
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) homelab.nakibrayan.com 15:54:50
@k900:0upti.me K900 If you have a public domain, I would generally recommend just setting up your resources as subdomains of that 15:54:56
@k900:0upti.me K900 And then you can use normal ACME stuff with a DNS challenge, even without a wildcard 15:55:12
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) I want my nextcloud instance to be under, nextcloud.homelab.nakibrayan.com, is this setup possible? 15:55:57
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) only in my LAN 15:56:06
@k900:0upti.me K900 Yes 15:56:10
@nakibrayan:matrix.im Rayan Nakib (ريان نقيب) how? 15:56:25
@k900:0upti.me K900 You can set up your LAN's DNS server to resolve that 15:56:27

Room Version: 6