I am new to NixOS and I would like to use it to serve an Elixir Phoenix application.
In order to do so, I was trying to configure the security.acme options in my /etc/nixos/configuration.nix in order to get a self-signed certificate:
…
security.acme = {
  certs = {
    "myapp.location.example.com" = {
      webroot = "/var/www/myapp";
      email = "me@example.com";
    };
  };
  renewInterval = "minutely";
  preliminarySelfsigned = true;
};
…
According to the documentation, it seems preliminarySelfsigned is true by default anyway.
So, I do not have a running server yet, but I was expecting a self-signed certificate to be generated after adding this configuration. However, I do not see any certificates in /var/lib/acme. I noticed that the /var/lib/acme/myapp.location.example.com folder was created with an account_key.json file inside but nothing else.
Is this the expected behavior? If so, how can I get the self-signed certificate?
For information, I installed NixOS with the minimal installation CD and here is my full /etc/nixos/configuration.nix file:
{ config, pkgs, ... }:
{
  imports =
    [
      ./hardware-configuration.nix
    ];
  boot.loader.grub.enable = true;
  boot.loader.grub.version = 2;
  boot.loader.grub.device = "/dev/sda";
  i18n = {
    consoleFont = "Lat2-Terminus16";
    consoleKeyMap = "no";
    defaultLocale = "en_US.UTF-8";
  };
  environment.systemPackages = with pkgs; [
    wget
    vim
    openssl
  ];
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa ***" # Sanitized value
  ];
  security.acme = {
    certs = {
      "myapp.location.example.com" = { # Sanitized value
        webroot = "/var/www/myapp"; # Sanitized value
        email = "me@example.com"; # Sanitized value
      };
    };
    renewInterval = "minutely";
    preliminarySelfsigned = true;
  };
  system.stateVersion = "19.03";
}