| 19 Sep 2022 |
m1cr0man | https://github.com/NixOS/nixpkgs/issues/180980 I really don't understand this ticket after an hour of reading | 19:46:08 |
m1cr0man | From what I gather he's setting an explicit default server, but not all domains designated for HTTP-01 solving are set up with appropriate vhosts? He's relying on default_server behaviour to provide .well-known/acme-challenge to them. The nginx module doesn't set up a default_server by default and I can't see how I would introduce one without breaking existing configurations in some way, so is his own solution in the second last comment solving the whole ticket? | 19:48:42 |
| 4 Oct 2022 |
m1cr0man | Hey folks. Anyone been able to look at https://github.com/NixOS/nixpkgs/pull/191861 ? There's a thread there about adding no-random-sleep to the default options. I think it makes sense due to how it will cause the renew service to run longer than necessary (and thus delay startup of dependent services), but this will update certHash and thus invalidate all existing certificates on all servers. I'd want to do that with the next release cycle which is coming up really soon. What do yous think of adding that option? | 21:03:13 |
m1cr0man | I could add it here: https://github.com/m1cr0man/nixpkgs/blob/100dd8157d0843429081c31e76108897a27e7c06/nixos/modules/security/acme/default.nix#L192 which would not induce such a change. In fact, yeah I'll do that. This random delay does more harm than good, and hard coding it into the module will help rather than hinder. | 21:05:44 |
hexa | could you report the state of the acme module in https://github.com/NixOS/nixpkgs/issues/194208? | 21:24:43 |
hexa | like open issues you plan to tackle before the release | 21:24:54 |
m1cr0man | yeah that's why I'm looking over this :) will do | 21:25:41 |
hexa | thanks! 😄 | 21:27:05 |
m1cr0man | Alright done :) | 21:53:56 |
| 9 Oct 2022 |
| shapr joined the room. | 17:09:20 |
shapr | Hello, I'm having problems with acme. Here's my entire configuration.nix. The error I get is:
```
Oct 08 23:32:51 surtr nginx[88563]: 2022/10/08 23:32:51 [error] 88563#88563: *3038 open() "/var/lib/acme/acme-challenge/.well-known/acme-challenge/QRZ9CmjhedoazA3YKZaevRybxjy415mk-1OPiYmP9IY" failed (2: No such file or directory), client: 23.178.112.208, server: scannedinavian.com, request: "GET /.well-known/acme-challenge/QRZ9CmjhedoazA3YKZaevRybxjy415mk-1OPiYmP9IY HTTP/1.1", host: "scannedinavian.com"
```
Any idea why it's trying to serve from /var/lib/acme when I've set the webroot to /var/www? | 17:11:55 |
shapr | I found the problem! This line was setting the location incorrectly! | 20:44:55 |
| 15 Oct 2022 |
| underpantsgnome! changed their display name from underpantsgnome to underpantsgnome!. | 00:30:21 |
| 17 Oct 2022 |
Winter (she/her) | Is it normal for (a) the renewal timers to fire on each reboot, and (b) for it to not be daily, as specified in the timer file? | 03:02:39 |
Winter (she/her) | Here's what I mean:
```
Until: Sun 2022-10-16 22:57:57 EDT; 26s ago
Trigger: Mon 2022-10-17 05:09:17 EDT; 6h left
``` | 03:02:54 |