mirror of
https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git
synced 2024-11-22 03:41:26 +00:00
fix: do not use DNS challenge for root domain TLS
Previous solution made ACME create two TXT records on the same subdomain, creating the conflict
This commit is contained in:
parent
2f0107ce3b
commit
d41cf6a4db
|
@ -17,7 +17,6 @@ in
|
||||||
certs = lib.mkForce {
|
certs = lib.mkForce {
|
||||||
"${cfg.domain}" = {
|
"${cfg.domain}" = {
|
||||||
domain = "*.${cfg.domain}";
|
domain = "*.${cfg.domain}";
|
||||||
extraDomainNames = [ "${cfg.domain}" ];
|
|
||||||
group = "acmerecievers";
|
group = "acmerecievers";
|
||||||
dnsProvider = lib.strings.toLower cfg.dns.provider;
|
dnsProvider = lib.strings.toLower cfg.dns.provider;
|
||||||
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
|
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
|
||||||
|
|
|
@ -20,8 +20,7 @@ in
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"${domain}" = {
|
"${domain}" = {
|
||||||
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
|
enableACME = true;
|
||||||
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
|
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
add_header Strict-Transport-Security $hsts_header;
|
add_header Strict-Transport-Security $hsts_header;
|
||||||
|
|
Loading…
Reference in a new issue