nixos/acme: do not eat Let's Encrypt's request limits if misconfigured on first try (#266155)

Léo Gaspard 2023-11-14 20:29:50 +01:00 committed by GitHub
parent f7ac3fbf4e
commit b1c25de57b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -345,6 +345,10 @@ let
serviceConfig = commonServiceConfig // { serviceConfig = commonServiceConfig // {
Group = data.group; Group = data.group;
# Let's Encrypt Failed Validation Limit allows 5 retries per hour, per account, hostname and hour.
# This avoids eating them all up if something is misconfigured upon the first try.
RestartSec = 15 * 60;
# Keep in mind that these directories will be deleted if the user runs # Keep in mind that these directories will be deleted if the user runs
# systemctl clean --what=state # systemctl clean --what=state
# acme/.lego/${cert} is listed for this reason. # acme/.lego/${cert} is listed for this reason.
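Review bot: `RestartSec` only has an effect when the unit also carries a `Restart=` policy, and none is visible in this hunk, so it is worth confirming that `commonServiceConfig` (defined outside the hunk) sets one; otherwise the 15-minute delay is inert and the rate-limit protection does not apply. The comment above `RestartSec = 15 * 60;` would be easier to maintain if it spelled out the arithmetic, for example `# 15 min between restarts => at most 4 failed validations per hour, below the limit of 5.`, so the value is not lowered later without re-checking the limit. Its first line also repeats "hour" ("per hour, per account, hostname and hour") and could read `# Let's Encrypt's Failed Validation limit allows 5 failures per account, per hostname, per hour.`. The `serviceConfig` attribute set starts in the hunk but continues past its last line.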