From 3c0746e23b50431a69662cf645ceff6cceb0c0be Mon Sep 17 00:00:00 2001
From: ediblerope
Date: Tue, 14 Apr 2026 22:33:13 +0100
Subject: [PATCH] Skip ACME DNS propagation check for local resolver caching

Local DNS resolver caches stale responses causing the wildcard cert DNS-01 challenge to time out before propagation is confirmed. Cloudflare's authoritative servers propagate fast enough for Let's Encrypt to validate without the client-side check.

Co-Authored-By: Claude Opus 4.6
---
 services/nginx.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/services/nginx.nix b/services/nginx.nix
index f4681da..b5a1393 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -62,6 +62,7 @@ in
 domain = "*.nordhammer.it";
 extraDomainNames = [ "nordhammer.it" ];
 dnsProvider = "cloudflare";
+ dnsPropagationCheck = false;
 credentialFiles = {
 "CF_DNS_API_TOKEN_FILE" = "/var/secrets/cloudflare-token";
 };
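Review bot: With `dnsPropagationCheck = false;` nothing on the client confirms that the DNS-01 TXT record is visible before the CA is asked to validate, so a slow or partial propagation becomes a failed order instead of a wait; repeated failures count against Let's Encrypt's failed-validation rate limit and can let the wildcard certificate lapse at renewal time. The commit message attributes the timeouts to a stale local resolver cache, so a narrower fix is to keep the check and point it at a resolver that bypasses that cache, e.g. `dnsResolver = "1.1.1.1:53";` in the same attribute set (presumably a `security.acme.certs` entry; the set opens and closes outside the hunk). If the check does stay disabled, record the reason above the line, for example `# local resolver serves stale TXT answers; relying on Cloudflare propagation speed`, and make sure failures of the ACME renewal unit are alerted on.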