ACME: Difference between revisions
imported>Samuela No edit summary |
mNo edit summary |
||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 13: | Line 13: | ||
# Supplying password files like this will make your credentials world-readable | # Supplying password files like this will make your credentials world-readable | ||
# in the Nix store. This is for demonstration purpose only, do not use this in production. | # in the Nix store. This is for demonstration purpose only, do not use this in production. | ||
environmentFile = "${pkgs.writeText "inwx-creds" '' | |||
INWX_USERNAME=xxxxxxxxxx | INWX_USERNAME=xxxxxxxxxx | ||
INWX_PASSWORD=yyyyyyyyyy | INWX_PASSWORD=yyyyyyyyyy | ||
| Line 29: | Line 29: | ||
<syntaxhighlight lang="nix"> | <syntaxhighlight lang="nix"> | ||
security.acme.certs."mx1.example.org".group = config.services.maddy.group; | security.acme.certs."mx1.example.org".group = config.services.maddy.group; | ||
</syntaxhighlight> | |||
== Using Let's Encrypt Staging == | |||
If you'd like to use the Let's Encrypt [https://letsencrypt.org/docs/staging-environment/ staging environment], eg for its less stringent rate limits, set | |||
<syntaxhighlight lang="nix"> | |||
security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; | |||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 34: | Line 42: | ||
* NixOS manual on [https://nixos.org/manual/nixos/stable/index.html#module-security-acme SSL/TLS Certificates with ACME] | * NixOS manual on [https://nixos.org/manual/nixos/stable/index.html#module-security-acme SSL/TLS Certificates with ACME] | ||
[[Category: Server]] | |||
[[Category: Networking]] | |||