ACME

From NixOS Wiki
Revision as of 11:28, 22 April 2023 by Onny (talk | contribs) (Initial page)

NixOS supports automatic domain validation, certificate retrieval and renewal using the ACME protocol. Any ACME provider can be used, but by default NixOS uses Let's Encrypt. Under the hood, the ACME client lego does the work.

Setup

The following example setup obtains a wildcard certificate using DNS validation (the DNS-01 challenge), with DNS records updated through the rfc2136 provider.

security.acme = {
  acceptTerms = true;
  defaults.email = "admin+acme@example.com";
  certs."example.com" = {
    # Wildcard certificates are only issued via the DNS-01 challenge
    domain = "*.example.com";
    dnsProvider = "rfc2136";
    # Environment file with the provider's credentials (TSIG key for rfc2136);
    # keep it readable by root only
    credentialsFile = "/var/lib/secrets/certs.secret";
    # We don't need to wait for propagation since this is a local DNS server
    dnsPropagationCheck = false;
  };
};
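The credentials file referenced above holds the secret that lets lego update your DNS zone, so it is worth checking before the first renewal run. The following pre-flight check is an added example written for this page; it is not part of NixOS or lego. It assumes the file is a plain KEY=value environment file and, for the rfc2136 provider, looks for the variables RFC2136_NAMESERVER, RFC2136_TSIG_KEY and RFC2136_TSIG_SECRET (names taken from lego's provider documentation, not from this page), and it assumes the file should be root-owned with mode 0600 because it is loaded by the systemd unit rather than by an unprivileged process; adjust expected_uid if your setup differs.

```python
"""Pre-flight audit for an ACME DNS credentials file (hypothetical helper, not
part of NixOS or lego). Checks file permissions/ownership and that the
variables the chosen dnsProvider needs are present and non-empty."""
import os
import stat
import tempfile

# Variable names documented by lego for its DNS providers (assumption: taken
# from lego's docs, not from this page); extend for other providers as needed.
REQUIRED_VARS = {
    "rfc2136": ("RFC2136_NAMESERVER", "RFC2136_TSIG_KEY", "RFC2136_TSIG_SECRET"),
}

# Constructed sample with placeholder values; no real secret is embedded here.
SAMPLE_CREDENTIALS = """# constructed placeholder values, not real secrets
RFC2136_NAMESERVER=127.0.0.1:53
RFC2136_TSIG_KEY=acme-update-key
RFC2136_TSIG_SECRET="PLACEHOLDER_BASE64_SECRET=="
"""


def parse_env_file(text: str) -> dict:
    """Parse KEY=value lines; skip blanks and '#' comments; strip matching quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed line: {raw!r}")
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        env[key] = value
    return env


def audit_credentials(env: dict, mode: int, uid: int, provider: str,
                      expected_uid: int = 0) -> list:
    """Return a list of findings; an empty list means the file looks sane."""
    findings = []
    # Any group/other bit leaks the DNS update secret to local users.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"permissions {mode:04o} allow group/other access; use 0600")
    if uid != expected_uid:
        findings.append(f"owned by uid {uid}, expected uid {expected_uid}")
    for var in REQUIRED_VARS.get(provider, ()):
        if var not in env:
            findings.append(f"missing {var}")
        elif not env[var]:
            findings.append(f"{var} is empty")
    return findings


def check_credentials_file(path: str, provider: str, expected_uid: int = 0) -> list:
    """Stat and parse the file on disk, then audit it."""
    st = os.stat(path)
    with open(path, encoding="utf-8") as f:
        env = parse_env_file(f.read())
    return audit_credentials(env, stat.S_IMODE(st.st_mode), st.st_uid,
                             provider, expected_uid)


def demo() -> list:
    """Write the constructed sample to a temp file with mode 0600 and audit it
    against the current user, so the example runs without root."""
    directory = tempfile.mkdtemp()
    path = os.path.join(directory, "certs.secret")
    with open(path, "w", encoding="utf-8") as f:
        f.write(SAMPLE_CREDENTIALS)
    os.chmod(path, 0o600)
    return check_credentials_file(path, "rfc2136", expected_uid=os.getuid())


if __name__ == "__main__":
    for finding in demo() or ["ok: no findings"]:
        print(finding)
```

Run it on the real file with `check_credentials_file("/var/lib/secrets/certs.secret", "rfc2136")` as root; any non-empty result should be fixed before enabling the certificate, since a world-readable TSIG secret lets any local user rewrite the zone that the validation depends on.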

See also