ACME: Difference between revisions
Formatting, Wording, Prune |
Starfish2228 (talk | contribs) →HTTP challenge: remove redundant quoting |
| (One intermediate revision by one other user not shown) | |||
| Line 57: | Line 57: | ||
defaults.webroot = "/var/lib/acme/acme-challenge/"; | defaults.webroot = "/var/lib/acme/acme-challenge/"; | ||
# We are using nginx as webserver, therefore set correct key permissions | # We are using nginx as webserver, therefore set correct key permissions | ||
certs. | certs.${domainName}.group = config.services.nginx.group; | ||
}; | }; | ||
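Review bot: On the changed line `certs.${domainName}.group = config.services.nginx.group;`, `domainName` must be bound somewhere above, for example in a `let`, and no binding is visible in this part of the example. If the snippet does not already define it, add the definition so the example evaluates when copied on its own. The comment above the line could also say what the setting does: it assigns the certificate files to nginx's group so that the web server can read the key.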
| Line 66: | Line 66: | ||
services.nginx = { | services.nginx = { | ||
enable = true; | enable = true; | ||
virtualHosts. | virtualHosts.${domainName} = { | ||
forceSSL = true; | forceSSL = true; | ||
useACMEHost = | useACMEHost = domainName; | ||
locations."/.well-known/".root = "/var/lib/acme/acme-challenge/"; | locations."/.well-known/".root = "/var/lib/acme/acme-challenge/"; | ||
}; | }; | ||
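Review bot: The `locations."/.well-known/".root` line repeats the literal `/var/lib/acme/acme-challenge/` that `defaults.webroot` sets in the previous hunk, so the two values can drift apart if only one is edited. Bind the path once and reference it in both places. The location also serves everything under `/.well-known/` from that directory; if only the ACME challenge is meant to be reachable, a `/.well-known/acme-challenge/` prefix would state that more narrowly.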
| Line 75: | Line 75: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== DNS challenge == | == DNS challenge == | ||
If you want to use the DNS challenge with nginx, you should also set [https://search.nixos.org/options?show=services.nginx.virtualHosts.%3Cname%3E.acmeRoot service.nginx.virtualHosts.<name>.acmeRoot] to <code>null</code>. | If you want to use the DNS challenge with nginx, you should also set [https://search.nixos.org/options?show=services.nginx.virtualHosts.%3Cname%3E.acmeRoot service.nginx.virtualHosts.<name>.acmeRoot] to <code>null</code>. <ref>From [https://nixos.org/manual/nixos/stable/#module-security-acme-config-dns-with-vhosts NixOS Manual: ''Using DNS validation with web server virtual hosts'']. [https://github.com/NixOS/nixpkgs/issues/210807 Issue #210807] provides some detail on why this is needed.</ref> | ||
=== With inwx as DNS provider === | === With inwx as DNS provider === | ||
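Review bot: In the DNS challenge sentence, on both sides of this hunk, the link label reads `service.nginx.virtualHosts.<name>.acmeRoot` while the link target uses `services.nginx.virtualHosts.<name>.acmeRoot`. The label is missing the `s` and should match the option name in the URL, since readers will copy the label into their configuration. As a style point, the added `<ref>` is separated from the preceding full stop by a space; placing it directly after the punctuation keeps the footnote marker attached to the sentence.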