From b1c25de57b225245433fb95fd995cb7293ed6af6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Gaspard?=
Date: Tue, 14 Nov 2023 20:29:50 +0100
Subject: [PATCH] nixos/acme: do not eat Let's Encrypt's request limits if misconfigured on first try (#266155)

---
 nixos/modules/security/acme/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix
index 932bf3e79115..7cc302969fb6 100644
--- a/nixos/modules/security/acme/default.nix
+++ b/nixos/modules/security/acme/default.nix
@@ -345,6 +345,10 @@ let
 serviceConfig = commonServiceConfig // {
 Group = data.group;
 
+ # Let's Encrypt Failed Validation Limit allows 5 retries per hour, per account, hostname and hour.
+ # This avoids eating them all up if something is misconfigured upon the first try.
+ RestartSec = 15 * 60;
+
 # Keep in mind that these directories will be deleted if the user runs
 # systemctl clean --what=state
 # acme/.lego/${cert} is listed for this reason.
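Review bot: `RestartSec = 15 * 60;` only takes effect when the unit also has a `Restart=` policy, and none is set in this hunk; presumably it comes from `commonServiceConfig`, which is defined outside the visible lines, so that is worth confirming, since without it the new setting is inert. The comment above it says "per hour" twice; I would write `# Let's Encrypt's Failed Validation limit allows 5 failures per account, per hostname, per hour.` and add `# A 15-minute delay keeps automatic retries to about 4 per hour.` so the chosen value is justified in place. Nothing visible here bounds the number of restarts, so a persistently misconfigured host would likely keep retrying every 15 minutes rather than settle in the failed state; if alerting keys on failed units, check that an approaching certificate expiry would still be noticed. The `serviceConfig` attribute set starts and ends outside the hunk.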