Use Cloudflare resolver for ACME DNS propagation check

Route DNS propagation checks through 1.1.1.1 only, bypassing
the local resolver that caches stale responses and causes
wildcard cert DNS-01 challenges to time out.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ediblerope 2026-04-14 22:38:20 +01:00
parent beadcc5397
commit 6ae3f8be97


@ -62,8 +62,8 @@ in
domain = "*.nordhammer.it";
extraDomainNames = [ "nordhammer.it" ];
dnsProvider = "cloudflare";
extraLegoRunFlags = [ "--dns.propagation-wait" "30s" ];
extraLegoRenewFlags = [ "--dns.propagation-wait" "30s" ];
extraLegoRunFlags = [ "--dns.resolvers" "1.1.1.1:53" ];
extraLegoRenewFlags = [ "--dns.resolvers" "1.1.1.1:53" ];
credentialFiles = {
"CF_DNS_API_TOKEN_FILE" = "/var/secrets/cloudflare-token";
};
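Review bot: Both new flag lists pin lego to a single resolver, `1.1.1.1:53`, with no fallback, so issuance and renewal for `*.nordhammer.it` will fail whenever that one address is unreachable or outbound port 53 is filtered. lego accepts `--dns.resolvers` more than once, so a second entry gives a fallback: `extraLegoRunFlags = [ "--dns.resolvers" "1.1.1.1:53" "--dns.resolvers" "1.0.0.1:53" ];`, and the same for `extraLegoRenewFlags`. If the host or network redirects port-53 traffic to a local resolver, the stale-cache problem would return without any visible error, so it is worth confirming after deploy that these queries actually reach the public resolver. A one-line comment above the two lists, e.g. `# Bypass the local caching resolver: stale answers made DNS-01 propagation checks time out`, would keep the reason next to the setting. The enclosing attribute set starts and ends outside the hunk.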