|
|
Line 23: |
Line 23: |
| systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/spool/nginx/logs/" ]; | | systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/spool/nginx/logs/" ]; |
| </syntaxHighlight> | | </syntaxHighlight> |
|
| |
| ==== Rate limiting ====
| |
|
| |
| The ACME server for Let's encrypt has rate limits. There is a known issue<ref>{{issue|38144}}</ref> with how NixOS handles automatic certificate generation wherein it is trivial to hit the limits when enabling multiple domains or sub-domains at once.
| |
|
| |
| When hitting the limit, the logs will show as follows:
| |
|
| |
| <pre>
| |
| Mar 30 14:07:38 HOSTNAME systemd[1]: Failed to start Renew ACME Certificate for example.com.
| |
| ...
| |
| Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: 2018-03-30 18:08:10,566:DEBUG:acme.client:540: JWS payload:
| |
| Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: {
| |
| Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: "resource": "new-reg"
| |
| Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: }
| |
| ...
| |
| Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: Connection: close
| |
| Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: {
| |
| Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: "type": "urn:acme:error:rateLimited",
| |
| Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: "detail": "Error creating new registration :: too many registrations for this IP: see https://letsencrypt.org/docs/rate-limits/",
| |
| Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: "status": 429
| |
| Mar 30 14:08:10 HOSTNAME acme-example.com-start[25915]: }
| |
| </pre>
| |
|
| |
| See {{issue|38144}} for the current status.
| |
|
| |
|
| ==== SIGTERM received from 1 ==== | | ==== SIGTERM received from 1 ==== |
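
Review bot: The sentence under "==== Rate limiting ====" only says "it is trivial to hit the limits", while the quoted log shows exactly which limit is hit: the JWS payload is a "new-reg" request and the error detail reads "too many registrations for this IP", so the 429 concerns account registrations from one IP rather than anything tied to the individual domains. Suggest naming that limit in the prose so a reader can match it against the linked rate-limits page, and adding a sentence on what to do after seeing this error, since the section describes the symptom and then only points at the issue. Two smaller points: "Let's encrypt" should be "Let's Encrypt", and {{issue|38144}} appears both as a <ref> and again in the closing "See ..." line, so one of the two can go.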