fix: do not use DNS challenge for root domain TLS

Previous solution made ACME create two TXT records on the same subdomain, creating the conflict
2024-11-14 04:13:21 +00:00 · 2023-07-21 20:32:03 +03:00 · 2023-07-21 20:32:03 +03:00 · d41cf6a4db
parent 2f0107ce3b
commit d41cf6a4db
2 changed files with 1 additions and 3 deletions
--- a/letsencrypt/acme.nix
+++ b/letsencrypt/acme.nix
@ -17,7 +17,6 @@ in
    certs = lib.mkForce {
      "${cfg.domain}" = {
        domain = "*.${cfg.domain}";
-        extraDomainNames = [ "${cfg.domain}" ];
        group = "acmerecievers";
        dnsProvider = lib.strings.toLower cfg.dns.provider;
        credentialsFile = "/var/lib/cloudflare/Credentials.ini";
--- a/webserver/nginx.nix
+++ b/webserver/nginx.nix
@ -20,8 +20,7 @@ in

    virtualHosts = {
      "${domain}" = {
-        sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
-        sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
+        enableACME = true;
        forceSSL = true;
        extraConfig = ''
          add_header Strict-Transport-Security $hsts_header;