31 Dec 2022 |
hexa | 😲 | 19:49:12 |
11 Jan 2023 |
hexa | so I had to restore a host yesterday and I could've restored the certificates from a backup, but didn't | 15:55:52 |
hexa | the acme module recreated all certs no problemo | 15:56:04 |
hexa | on the first try | 15:56:08 |
hexa | mind you, the host has 10 different ones 🙂 | 15:56:25 |
hexa | 🙏 | 15:56:38 |
Arian | yay | 15:56:47 |
hexa | our ACME story is truly great | 15:57:10 |
12 Jan 2023 |
raitobezarius | I also had situations like this and really it's pure joy | 10:22:48 |
13 Jan 2023 |
m1cr0man | Heh so, the reason I took on developing the wildcard cert support years ago was because I was deploying about 30 domains to a couple of servers, one of which had a subdomain per user (it was for a network society). All I know is, when I check those domains 4 years (holy shit time flies) later, they still work ;) | 18:46:03 |
m1cr0man | (In reply to @hexa:lossy.network: "mind you, the host has 10 different ones 🙂") Btw this is why we implemented credential sharing across multiple instances of the renewal service. There's a 5 accounts per day rate limit | 20:08:49 |
m1cr0man | when I get some motivation I really want to port some of the features of the renewal script directly to lego. There's stuff in there that would be genuinely easier in the tool itself | 20:09:21 |
hexa | good luck with that | 20:10:12 |
hexa | last time we wanted an offline solution for the expiry check the upstream wasn't very forthcoming | 20:10:29 |
m1cr0man | well, we had a bit of a falling out XD I think it would require the work to be done by us. We must be one of lego's largest users though | 21:45:40 |
14 Jan 2023 |
@andreas.schraegle:helsinki-systems.de | Why did we decide on lego btw, instead of any of the other clients?
I know we used to use a different one, but I've never really looked into acme clients much. | 14:28:08 |
hexa | we used simp_le before | 15:31:18 |
hexa | I think it couldn't do DNS01 | 15:31:23 |
hexa | https://web.archive.org/web/20180603040716/https://github.com/NixOS/nixpkgs/issues/34941 | 15:37:25 |
hexa | this is the original discussion, started by volth and since deleted … thanks github | 15:37:36 |
hexa | https://github.com/NixOS/nixpkgs/pull/77578 | 15:39:52 |
hexa | and the migration PR | 15:39:54 |
m1cr0man | I inherited the work on DNS-01 and assumed that some decision had been made to use lego, and didn't attempt to change it | 17:02:29 |
21 Jan 2023 |
K900 | The tests are failing again :( https://hydra.nixos.org/build/206158453/nixlog/98 | 15:03:29 |
hexa | dumped https://gist.github.com/mweinelt/cb4460149479878316b46c116518c88f | 21:30:39 |
hexa | so I can restart | 21:30:45 |
hexa | ah, it already was | 21:31:06 |
hexa | K900: did you see the error? | 21:33:36 |
hexa |
(finished: must succeed: curl --data '{"host": "acme.test", "addresses": ["192.168.1.1"]}' http://192.168.1.3:8055/add-a, in 0.24 seconds)
client # curl: (7) Failed to connect to acme.test port 15000 after 88 ms: Couldn't connect to server
client # curl: (7) Failed to connect to acme.test port 15000 after 88 ms: Couldn't connect to server
| 21:42:52 |