NixOS, deploy in a VM: how to test an HTTPS website (ACME/Let's Encrypt)

Hello,

I’d love to be able to locally test the changes I make to my server by deploying into a VM. However, I’m not sure how to deal with HTTPS. Indeed, even if I manage to give the correct domain name to my VM (not sure how yet, but I guess it’s feasible), I don’t see how it’s possible to make it request a certificate from Let’s Encrypt (configured with acme): indeed, the domain will never be reachable from outside, so Let’s Encrypt won’t help here.

One option would be to re-enable HTTP and disable HTTPS for my local tests, but it’s a bit sad, as most of the time the issues I have come from HTTPS settings.

Is there a solution to that problem?

Thanks!

2 Likes

I think acme first generates a self-signed certificate before trying to get the real one. So, in your test VM, acme will fail but you could still access your https endpoint, by manually trusting the self-signed certificate.

For individuals interested in the acme module, please take a look at Restructure acme module by m1cr0man · Pull Request #91121 · NixOS/nixpkgs · GitHub

Please try not to spam the Let’s Encrypt servers with invalid requests. Set something like security.acme.server = "https://127.0.0.1";
Together with security.acme.preliminarySelfsigned = true; you’ll still get your self-signed certificates.

4 Likes
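
The settings suggested in the replies above, put together as a module that is imported only into the test VM's configuration. This is an added example, not part of the original posts; the option names are the ones used in this thread, while the nginx virtual host, the domain example.test, the web root and the e-mail address are assumptions.

```nix
# vm-acme-test.nix (hypothetical file name): import this only in the
# configuration that is built for the local test VM, never on the real server.
{ lib, ... }:
{
  # Point the ACME client at an address with no ACME server behind it, so
  # failed issuance attempts from the VM never reach Let's Encrypt.
  # mkForce overrides any value set by the shared server configuration.
  security.acme.server = lib.mkForce "https://127.0.0.1";

  # Generate a temporary self-signed certificate first, so the web server
  # can start with TLS enabled even though the real issuance fails.
  security.acme.preliminarySelfsigned = true;

  # Normally already present in the shared configuration; repeated here so
  # the example is complete. The address is a constructed placeholder.
  security.acme.acceptTerms = true;
  security.acme.email = "admin@example.test";

  # Assumed web server setup: the same HTTPS settings as production, so that
  # redirects, TLS options and vhost matching are exercised inside the VM.
  services.nginx = {
    enable = true;
    virtualHosts."example.test" = {
      enableACME = true;   # certificate path is managed by the acme module
      forceSSL = true;     # keep the HTTP -> HTTPS redirect under test
      root = "/var/www/example.test";
    };
  };
}
```

The certificate served inside the VM is self-signed, so trust it only in the client used for testing rather than adding it to a system-wide trust store.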

Thanks a lot! I’ll try to set it up and I’ll come back if anything fails. Thanks!