Nixos, deploy in a VM: how to test https website (ACME/Let's encrypt)


I’d love to be able to test locally the changes I do to my server by deploying into a VM. However, I’m not sure to see how to deal with https. Indeed, even if I manage to give the correct domain name to my VM (not sure how yet but guess it’s feasible), I don’t see how it’s possible to make them request a certificate to Let’s Encrypt (configured with acme): indeed the domain will never be reachable from outside, so let’s encrypt won’t help here.

One option would be to re-enable http and disable https for my local tests, but it’s a bit sad as most of the times the issues I have come from https settings.

Is there a solution to that problem?



I think acme first generates a self-signed certificate before trying to get the real one. So, in your test VM, acme will fail but you could still access your https endpoint, by manually trusting the self-signed certificate.

For individuals interested in the acme module, please take a look at Restructure acme module by m1cr0man · Pull Request #91121 · NixOS/nixpkgs · GitHub

Please try not to spam the Let’s encrypt servers with invalid requests. Set something like security.acme.server = "";
Together with security.acme.preliminarySelfsigned = true; you’ll still get your self-signed certificates.


Thanks a lot! I’ll try to set it up and I’ll come back if anything fails. Thanks!

Hosted by Flying Circus.