Merge pull request #91121 from m1cr0man/master

Restructure acme module
2025-07-13 21:50:33 +03:00 · 2020-09-06 18:26:22 +02:00 · 2020-09-06 18:26:22 +02:00 · d7046947e5
commit d7046947e5
parent 2dd41576fb 34b5c5c1a4
16 changed files with 897 additions and 733 deletions
--- a/nixos/doc/manual/release-notes/rl-2009.xml
+++ b/nixos/doc/manual/release-notes/rl-2009.xml
@ -394,6 +394,20 @@ php.override {

     </para>
   </listitem>
+   <listitem>
+    <para>
+     The ACME module has been overhauled for simplicity and maintainability.
+     Cert generation now implicitly uses the <literal>acme</literal>
+     user, and the <literal>security.acme.certs._name_.user</literal> option
+     has been removed. Instead, certificate access from other services is now
+     managed through group permissions. The module no longer runs lego
+     twice under certain conditions, and will correctly renew certificates if
+     their configuration is changed. Services which reload nginx and httpd after
+     certificate renewal are now properly configured too so you no longer have
+     to do this manually if you are using HTTPS enabled virtual hosts. A mechanism
+     for regenerating certs on demand has also been added and documented.
+    </para>
+   </listitem>
   <listitem>
     <para>
      Gollum received a major update to version 5.x and you may have to change