pyrox.dev
nixos/acme: do not eat Let's Encrypt's request limits if misconfigured on first try (#266155)
authored by Léo Gaspard and committed by GitHub b1c25de5 f7ac3fbf
+4
nixos/modules/security/acme/default.nix
+4
nixos/modules/security/acme/default.nix
···
345
345
serviceConfig = commonServiceConfig // {
346
346
Group = data.group;
347
347
348
+
# Let's Encrypt Failed Validation Limit allows 5 retries per hour, per account, hostname and hour.
349
+
# This avoids eating them all up if something is misconfigured upon the first try.
350
+
RestartSec = 15 * 60;
351
+
348
352
# Keep in mind that these directories will be deleted if the user runs
349
353
# systemctl clean --what=state
350
354
# acme/.lego/${cert} is listed for this reason.