This only applies if you have used the NixOS ACME client on NixOS unstable or on the 20.03 channel older than the 9th April. In 20.03/unstable we switched from simp_le to lego.
To support multiple certificates with the same common name, as we did in 19.09, we had to change the directory lego puts its generated certificates in (see "acme: create certificates in subdirectory" by Mic92, Pull Request #84781, NixOS/nixpkgs on GitHub). If you want to keep your old TLS keys/certificates instead of regenerating them, apply the following NixOS configuration:
```nix
systemd.services = lib.mapAttrs' (cert: data: {
  name = "acme-${cert}";
  value = {
    preStart = ''
      # Make sure the per-certificate directory exists before copying into it.
      mkdir -p /var/lib/acme/.lego/${cert}
      # Copy the old account data once, if it has not been migrated yet.
      if [ -d /var/lib/acme/.lego/accounts -a ! -d /var/lib/acme/.lego/${cert}/accounts ]; then
        cp -a /var/lib/acme/.lego/accounts /var/lib/acme/.lego/${cert}/accounts
      fi
      # Copy the old keys/certificates for this domain once.
      if [ -d /var/lib/acme/.lego/certificates -a ! -d /var/lib/acme/.lego/${cert}/certificates ]; then
        mkdir -p /var/lib/acme/.lego/${cert}/certificates
        cp -a /var/lib/acme/.lego/certificates/${data.domain}.* /var/lib/acme/.lego/${cert}/certificates/
      fi
      # The ACME service runs as the certificate's user/group.
      chown -R ${data.user}:${data.group} /var/lib/acme/.lego/${cert}/
    '';
  };
}) config.security.acme.certs;
```
You can remove this code again when you have switched to this configuration and the data migration has been performed.
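
Before removing the snippet, you can confirm that the copy actually happened for a given certificate. The following check is an added example, not part of the original announcement or of nixpkgs; the function name `check_acme_migration` is hypothetical, and it assumes the directory layout used in the configuration above.

```shell
# Verify that the old lego data for one certificate was copied into its
# per-certificate directory.
# Usage: check_acme_migration CERT DOMAIN [BASE]
#   CERT   attribute name under security.acme.certs
#   DOMAIN the certificate's domain (data.domain in the snippet above)
#   BASE   defaults to the directory used on this page
# Returns 0 if migrated, 1 if something is missing, 2 if a file differs.
check_acme_migration() {
    cert=$1
    domain=$2
    base=${3:-/var/lib/acme/.lego}
    new="$base/$cert"
    rc=0

    # Account data must exist in the per-certificate directory.
    if [ -d "$base/accounts" ] && [ ! -d "$new/accounts" ]; then
        echo "MISSING: $new/accounts" >&2
        rc=1
    fi

    # Every old file for this domain must be present, byte for byte,
    # in the new location.
    found=0
    for old in "$base/certificates/$domain".*; do
        [ -e "$old" ] || continue   # glob matched nothing
        found=1
        copy="$new/certificates/$(basename "$old")"
        if [ ! -f "$copy" ]; then
            echo "MISSING: $copy" >&2
            rc=1
        elif ! cmp -s "$old" "$copy"; then
            echo "DIFFERS: $copy does not match $old" >&2
            [ "$rc" -ne 0 ] || rc=2
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "NOTE: no old files for $domain under $base/certificates" >&2
    fi
    return "$rc"
}
```

Run it as root once per entry in `security.acme.certs`. A return code of 2 means the copy in the new location no longer matches the old file, so compare the two by hand before deleting anything.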