I have following on my configuration
users.users.nginx.extraGroups = [ "acme" ];
services.nginx = {
enable = true;
virtualHosts."0xcat.dev" = {
enableACME = true;
forceSSL = true;
locations."/.well-known/acme-challenge" = {
root = "/var/lib/acme/.challenges";
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "acme@0xcat.dev";
};
security.acme.certs."0xcat.dev" = {
webroot = "/var/lib/acme/.challenges";
email = "acme@0xcat.dev";
group = "nginx";
};
But this generates an error that webroot
is not set.
Longer error is below:
error:
Failed assertions:
- Exactly one of the options
`security.acme.certs.0xcat.dev.dnsProvider`,
`security.acme.certs.0xcat.dev.webroot`,
`security.acme.certs.0xcat.dev.listenHTTP` and
`security.acme.certs.0xcat.dev.s3Bucket`
is required.
I have a hunch that the check is somehow tripping on “0x” prefix of the domain name, but not sure.
This is on nixpkgs version
"nixpkgs": {
"locked": {
"lastModified": 1696019113,
"narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},