nixos/acme: Add a human readable error on run failure
Closes NixOS/nixpkgs#108237

When a user first adds an ACME cert to their configuration, it's likely to fail to renew due to DNS misconfig. This is non-fatal for other services since selfsigned certs are (usually) put in place to let dependent services start. Tell the user about this in the logs, and exit 2 for differentiation purposes.
parent a88d846b91
commit 87403a0b07
1 changed files with 7 additions and 2 deletions
|
@ -391,8 +391,13 @@ let
|
|||
fi
|
||||
|
||||
# Otherwise do a full run
|
||||
else
|
||||
lego ${runOpts}
|
||||
elif ! lego ${runOpts}; then
|
||||
# Produce a nice error for those doing their first nixos-rebuild with these certs
|
||||
echo Failed to fetch certificates. \
|
||||
This may mean your DNS records are set up incorrectly. \
|
||||
${optionalString (cfg.preliminarySelfsigned) "Selfsigned certs are in place and dependant services will still start."}
|
||||
# Exit 2 so that users can potentially amend SuccessExitStatus to ignore this error.
|
||||
exit 2
|
||||
fi
|
||||
|
||||
mv domainhash.txt certificates/
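Review bot: In the new `elif ! lego ${runOpts}; then` branch, every non-zero exit from lego is collapsed into `exit 2` with a DNS hint, and nothing in the visible lines limits that to a first run. A unit that follows the comment's advice and adds 2 to SuccessExitStatus would therefore also report a later failed run in this branch as success, leaving dependent services on the self-signed or an ageing certificate with no failed unit to alert on. Please document the meaning of exit status 2 in the module (this commit touches one file and adds no option documentation), and note there that ignoring it should be paired with certificate expiry monitoring. Two smaller points on the `echo`: the message is unquoted and goes to stdout, so quote it and redirect with `>&2` so it is logged as an error and is not subject to word splitting or globbing; and the user-facing string spells "dependant" where "dependent" is meant.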