rope/nixos
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use propagation wait instead of disabling ACME DNS check

Browse source 
Disabling the propagation check caused lego to submit to Let's
Encrypt before Cloudflare's authoritative nameservers had the
TXT record. A 30s wait gives Cloudflare time to propagate.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
ediblerope 2026-04-14 22:36:48 +01:00
parent 3c0746e23b
commit beadcc5397
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
services/nginx.nix
View file

@ -62,7 +62,8 @@ in
domain = "*.nordhammer.it"; domain = "*.nordhammer.it";
extraDomainNames = [ "nordhammer.it" ]; extraDomainNames = [ "nordhammer.it" ];
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
dnsPropagationCheck = false; extraLegoRunFlags = [ "--dns.propagation-wait" "30s" ];
extraLegoRenewFlags = [ "--dns.propagation-wait" "30s" ];
credentialFiles = { credentialFiles = {
"CF_DNS_API_TOKEN_FILE" = "/var/secrets/cloudflare-token"; "CF_DNS_API_TOKEN_FILE" = "/var/secrets/cloudflare-token";
}; };