From 9ce1e00ea5c093bb4cd0707245f225956e18ceae Mon Sep 17 00:00:00 2001
From: ediblerope <fredrik@nordhammer.it>
Date: Tue, 7 Apr 2026 17:20:19 +0100
Subject: [PATCH] Remove broken --dns.propagation-wait flag, rely on default
 propagation check

The CNAME interference is resolved so the default lego propagation check
(querying Cloudflare authoritative NS) should work correctly now.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 services/nginx.nix | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/services/nginx.nix b/services/nginx.nix
index fb8f7e6..68e4fd6 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -64,9 +64,6 @@ in
         domain = "*.nordhammer.it";
         extraDomainNames = [ "nordhammer.it" ];
         dnsProvider = "cloudflare";
-        # Wait 30s after creating the TXT record before asking LE to validate
-        extraLegoRunFlags = [ "--dns.propagation-wait" "30s" ];
-        extraLegoRenewFlags = [ "--dns.propagation-wait" "30s" ];
         credentialFiles = {
           "CF_DNS_API_TOKEN_FILE" = "/var/secrets/cloudflare-token";
         };