1e3607d331
Lego allows users to use the DNS-01 challenge to validate their certificates. It is mostly backwards compatible, with a few caveats. - extraDomains can no longer have different webroots to the main webroot for the cert. - An email address is now mandatory for account creation The following other changes were required: - Deprecate security.acme.certs.<name>.plugins, as this was specific to simp-le - Rename security.acme.validMin to validMinDays, to avoid confusion and errors. Lego requires the TTL to be specified in days - Add options to cover DNS challenge (dnsProvider, credentialsFile, dnsPropagationCheck) - A shared state directory is now used (/var/lib/acme/.lego) to avoid account creation rate limits and share credentials between certs |
||
|---|---|---|
| .. | ||
| wrappers | ||
| acme.nix | ||
| acme.xml | ||
| apparmor-suid.nix | ||
| apparmor.nix | ||
| audit.nix | ||
| auditd.nix | ||
| ca.nix | ||
| chromium-suid-sandbox.nix | ||
| dhparams.nix | ||
| duosec.nix | ||
| google_oslogin.nix | ||
| hidepid.nix | ||
| hidepid.xml | ||
| lock-kernel-modules.nix | ||
| misc.nix | ||
| oath.nix | ||
| pam.nix | ||
| pam_mount.nix | ||
| pam_usb.nix | ||
| polkit.nix | ||
| prey.nix | ||
| rngd.nix | ||
| rtkit.nix | ||
| sudo.nix | ||
| systemd-confinement.nix | ||