Skip ACME DNS propagation check for local resolver caching

Local DNS resolver caches stale responses causing the wildcard cert DNS-01 challenge to time out before propagation is confirmed. Cloudflare's authoritative servers propagate fast enough for Let's Encrypt to validate without the client-side check. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-14 22:33:13 +01:00 · 2026-04-14 22:33:13 +01:00 · 3c0746e23b
commit 3c0746e23b
parent a109d5a5c7
1 changed files with 1 additions and 0 deletions
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -62,6 +62,7 @@ in
        domain = "*.nordhammer.it";
        extraDomainNames = [ "nordhammer.it" ];
        dnsProvider = "cloudflare";
+        dnsPropagationCheck = false;
        credentialFiles = {
          "CF_DNS_API_TOKEN_FILE" = "/var/secrets/cloudflare-token";
        };