SelfPrivacy/selfprivacy-nixos-config
1
0
Fork 0
mirror of https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git synced 2024-11-22 11:41:26 +00:00
Code Issues Projects Releases Wiki Activity

fix: do not use DNS challenge for root domain TLS

Browse source 
Previous solution made ACME create two TXT records
on the same subdomain, creating the conflict
This commit is contained in:
Inex Code 2023-07-21 20:32:03 +03:00
parent 2f0107ce3b
commit d41cf6a4db
2 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
letsencrypt/acme.nix
View file

@ -17,7 +17,6 @@ in
certs = lib.mkForce { certs = lib.mkForce {
"${cfg.domain}" = { "${cfg.domain}" = {
domain = "*.${cfg.domain}"; domain = "*.${cfg.domain}";
extraDomainNames = [ "${cfg.domain}" ];
group = "acmerecievers"; group = "acmerecievers";
dnsProvider = lib.strings.toLower cfg.dns.provider; dnsProvider = lib.strings.toLower cfg.dns.provider;
credentialsFile = "/var/lib/cloudflare/Credentials.ini"; credentialsFile = "/var/lib/cloudflare/Credentials.ini";

3
webserver/nginx.nix
View file

@ -20,8 +20,7 @@ in
virtualHosts = { virtualHosts = {
"${domain}" = { "${domain}" = {
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; enableACME = true;
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
forceSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;