nixos/acme: Add a human readable error on run failure
Closes NixOS/nixpkgs#108237

When a user first adds an ACME cert to their configuration, it's likely to fail to renew due to DNS misconfig. This is non-fatal for other services since self-signed certs are (usually) put in place to let dependent services start. Tell the user about this in the logs, and exit 2 for differentiation purposes.
parent a88d846b91
commit 87403a0b07
1 changed files with 7 additions and 2 deletions
|
@ -391,8 +391,13 @@ let
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Otherwise do a full run
|
# Otherwise do a full run
|
||||||
else
|
elif ! lego ${runOpts}; then
|
||||||
lego ${runOpts}
|
# Produce a nice error for those doing their first nixos-rebuild with these certs
|
||||||
|
echo Failed to fetch certificates. \
|
||||||
|
This may mean your DNS records are set up incorrectly. \
|
||||||
|
${optionalString (cfg.preliminarySelfsigned) "Selfsigned certs are in place and dependant services will still start."}
|
||||||
|
# Exit 2 so that users can potentially amend SuccessExitStatus to ignore this error.
|
||||||
|
exit 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
mv domainhash.txt certificates/
|
mv domainhash.txt certificates/
|
||||||
|
|
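Review bot: The `echo` in the new `elif ! lego ${runOpts}; then` branch passes its message unquoted across `\` continuations, so the shell word-splits it and any later edit that adds an apostrophe, `*` or `;` to the text changes what the script runs. Put the whole message, including the `${optionalString ...}` part, inside one double-quoted string and redirect it to stderr with `>&2`. Separately, `! lego` followed by `exit 2` replaces lego's own exit status with a fixed code; since the comment invites users to amend SuccessExitStatus, the meaning of exit code 2 should be documented alongside the option so that anyone who ignores it knows they are suppressing every failed full run, not only the first-rebuild DNS case.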