fix: do not use DNS challenge for root domain TLS

The previous solution made ACME create two TXT records
on the same subdomain, which caused a conflict.
Inex Code 2023-07-21 20:32:03 +03:00
parent 2f0107ce3b
commit d41cf6a4db
2 changed files with 1 additions and 3 deletions


@ -17,7 +17,6 @@ in
certs = lib.mkForce { certs = lib.mkForce {
"${cfg.domain}" = { "${cfg.domain}" = {
domain = "*.${cfg.domain}"; domain = "*.${cfg.domain}";
extraDomainNames = [ "${cfg.domain}" ];
group = "acmerecievers"; group = "acmerecievers";
dnsProvider = lib.strings.toLower cfg.dns.provider; dnsProvider = lib.strings.toLower cfg.dns.provider;
credentialsFile = "/var/lib/cloudflare/Credentials.ini"; credentialsFile = "/var/lib/cloudflare/Credentials.ini";
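Review bot: After `extraDomainNames = [ "${cfg.domain}" ];` is dropped, the entry keyed `"${cfg.domain}"` certifies only `*.${cfg.domain}`, and a wildcard name does not match the apex. The nginx section of this commit sets `enableACME = true` on the `"${domain}"` virtual host, which by default takes the certificate named after the vhost; if that is the same key and this `certs = lib.mkForce { … }` is `security.acme.certs` (the attribute set opens and closes outside the hunk), the forced definition likely overrides the HTTP-01 entry nginx generates and the root host would present a certificate that lacks its own name. Giving the wildcard its own key, for example `"wildcard-${cfg.domain}" = {`, and keeping `"${cfg.domain}"` for the apex certificate would separate the two; anything that reads `/var/lib/acme/${domain}/` for subdomains would then need to point at the new directory. A one-line comment such as `# wildcard only; apex certificate is issued over HTTP-01 by the nginx vhost` would also record the intent.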


@ -20,8 +20,7 @@ in
virtualHosts = { virtualHosts = {
"${domain}" = { "${domain}" = {
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem"; enableACME = true;
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
forceSSL = true; forceSSL = true;
extraConfig = '' extraConfig = ''
add_header Strict-Transport-Security $hsts_header; add_header Strict-Transport-Security $hsts_header;