Dear list,

Yesterday I was setting up a new server with letsencrypt on 16.09 and the 
certificate
renewal failed, causing my TLS setup to break.

Luckily, the bug that caused this has already been fixed in master and 
backported to 16.09 in https://github.com/NixOS/nixpkgs/pull/21102

However, Hydra is currently being annoying, which is making it impossible to 
currently push this fix to users 
(https://github.com/NixOS/nixpkgs/issues/21145).

For people using LetsEncrypt, it is important to temporarily patch your NixOS 
configuration such that your
certificates do not expire due to the renewal service crashing.

First, clone nixpkgs such that you can refer to the fix (I used it as a 
submodule):

$ git clone g...@github.com:nixos/nixpkgs.git
$ cd nixpkgs; git checkout 8341cfb6
$ cd ..

Now add this line to your configuration.nix (making sure PATH/TO/nixpkgs points 
to where you cloned the repo):


nixpkgs.config.packageOverrides = pkgs: rec { simp_le = pkgs.callPackage 
PATH/TO/nixpkgs/pkgs/tools/admin/simp_le {}; };


now rebuild and you should be fine.

Once the update has been built by hydra, it is safe to delete this line again.


Cheers,

Arian van Putten
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev

Reply via email to