!MthpOIxqJhTgrMNxDS:nixos.org

NixOS ACME / LetsEncrypt

120 Members
Another day, another cert renewal51 Servers

You have reached the beginning of time (for this room).

SenderMessageTime
13 Sep 2022
@hexa:lossy.networkhexa(who tells him?)02:17:56
@dandellion:dodsorf.asDandellion👀 I told him02:58:05
@dandellion:dodsorf.asDandellion * 👀 (I told him)02:58:19
15 Sep 2022
@m_algery:leohoo.xyzm_algery joined the room.12:30:30
@m_algery:leohoo.xyzm_algery left the room.12:30:33
18 Sep 2022
@winterqt:nixos.devWinter (she/her)

Thanks for reviewing that doc change m1cr0man, was waiting on you since you wrote the section :)

(didn't want to merge a bad/wrong change)

22:49:20
@m1cr0man:m1cr0man.comm1cr0manSorry for the delay! I'm actually not happy with that section of docs at all and I am tempted to rewrite the whole no web server guide entirely, but the guy is right - I'd rather not see it bitrot either :)23:00:07
@m1cr0man:m1cr0man.comm1cr0manI've hit critical mass on open issues too so I'm doing a round of fixes and features. On my list are: https://github.com/NixOS/nixpkgs/issues/191794 (port 80 bind permission denied, already fixed locally) https://github.com/NixOS/nixpkgs/issues/190493 (email change not detected? I think this is a user issue but confirming anyway) https://github.com/NixOS/nixpkgs/issues/180980 (nginx default server problems. Will do my best but this might cause some big issues)23:01:36
@m1cr0man:m1cr0man.comm1cr0manFwiw Winter I don't think it is tested, he said he did the edits on GH web. Truthfully I never fully tested that config when I first wrote it 😅 it was cannibalised from a config I had. Hence why I wanna refactor it23:07:46
@m1cr0man:m1cr0man.comm1cr0man https://github.com/go-acme/lego/pull/1657 lol just ran into this running tests. I'm gonna add -no-random-sleep in the test suite 23:14:55
19 Sep 2022
@m1cr0man:m1cr0man.comm1cr0manWIP PR: https://github.com/NixOS/nixpkgs/pull/191861/files#diff-352faa44c3da86e70bd6b5a55ff13f0a900b0f2fac44229f352ed1fd5b93a262R486 Can you believe we didn't have a basic test for cert renewal? :P 00:16:14
@m1cr0man:m1cr0man.comm1cr0manhttps://github.com/NixOS/nixpkgs/issues/180980 I really don't understand this ticket after an hour of reading19:46:08
@m1cr0man:m1cr0man.comm1cr0manFrom what I gather he's setting an explicit default server, but not all domains designated for HTTP-01 solving are set up with appropriate vhosts? He's relying on default_server behaviour to provide .well-known/acme-challenge to them. The nginx module doesn't set up a default_server by default and I can't see how I would introduce one without breaking existing configurations in some way, so is his own solution in the second last comment solving the whole ticket?19:48:42

Show newer messages

Back to Room ListRoom Version: 6