mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git
synced 2024-11-14 04:13:21 +00:00
fix: do not use DNS challenge for root domain TLS
Previous solution made ACME create two TXT records on the same subdomain, creating the conflict
This commit is contained in:
parent
2f0107ce3b
commit
d41cf6a4db
|
@ -17,7 +17,6 @@ in
|
|||
certs = lib.mkForce {
|
||||
"${cfg.domain}" = {
|
||||
domain = "*.${cfg.domain}";
|
||||
extraDomainNames = [ "${cfg.domain}" ];
|
||||
group = "acmerecievers";
|
||||
dnsProvider = lib.strings.toLower cfg.dns.provider;
|
||||
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
|
||||
|
|
|
@ -20,8 +20,7 @@ in
|
|||
|
||||
virtualHosts = {
|
||||
"${domain}" = {
|
||||
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
|
||||
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
extraConfig = ''
|
||||
add_header Strict-Transport-Security $hsts_header;
|
||||
|
|
Loading…
Reference in a new issue