Revert "Revert "add wildcard ACME certificate""

This reverts commit 0c4d57c33d.
2023-12-20 16:59:57 +04:00
parent c18f332f5f
commit 4faf8e7dda
9 changed files with 26 additions and 21 deletions
--- a/letsencrypt/acme.nix
+++ b/letsencrypt/acme.nix
@@ -27,13 +27,18 @@ in
      reloadServices = [ "nginx" ];
    };
    certs = lib.mkForce {
-      "${cfg.domain}" = {
+      "wildcard-${cfg.domain}" = {
        domain = "*.${cfg.domain}";
        extraDomainNames = [ "${cfg.domain}" ];
        group = "acmereceivers";
        dnsProvider = lib.strings.toLower cfg.dns.provider;
        credentialsFile = acme-env-filepath;
      };
+      "${cfg.domain}" = {
+        domain = cfg.domain;
+        group = "acmereceivers";
+        webroot = "/var/lib/acme/acme-challenge";
+      };
    };
  };
  systemd.services.acme-secrets = {