Merge pull request 'garage: fix wildcard DNS cert renewal with wildcard CNAME records' (#245) from fix-dns-cert-renewal into main

Reviewed-on: pub-solar/infra#245
Reviewed-by: hensoko <hensoko@noreply.git.pub.solar>
This commit is contained in:
teutat3s 2024-10-24 12:51:41 +00:00
commit cef7a561f3
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
2 changed files with 47 additions and 46 deletions

View file

@ -31,6 +31,8 @@
security.acme = { security.acme = {
defaults = { defaults = {
# LEGO_DISABLE_CNAME_SUPPORT=true set here to fix issues with CNAME
# detection, as we use wildcard DNS for garage
environmentFile = config.age.secrets.acme-namecheap-env.path; environmentFile = config.age.secrets.acme-namecheap-env.path;
}; };
certs = { certs = {
@ -40,7 +42,6 @@
webroot = null; webroot = null;
# enable dns challenge # enable dns challenge
dnsProvider = "namecheap"; dnsProvider = "namecheap";
dnsPropagationCheck = false;
}; };
# Wildcard certificate gets created automatically # Wildcard certificate gets created automatically
"web.${config.pub-solar-os.networking.domain}" = { "web.${config.pub-solar-os.networking.domain}" = {
@ -48,7 +49,6 @@
webroot = null; webroot = null;
# enable dns challenge # enable dns challenge
dnsProvider = "namecheap"; dnsProvider = "namecheap";
dnsPropagationCheck = false;
}; };
}; };
}; };

View file

@ -1,47 +1,48 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 NID4eA ST5vuBY34mBdhLIkNLqaIOY9Bbp34OcNCm5t39OpR1U -> ssh-ed25519 NID4eA WtfgDmnK5l9s9DMhWgmk+tel+/uqPx8SHBd0qfWY3jk
abFLT6kV7/nX/wSV+V/2GSCa2vOuZgCnn5edh5ixNxg ZS3Qu4v3pnA+lYzJ3kad7T3LhcY7oE8fPsGQ1uQH1AA
-> ssh-ed25519 9RQHxg AXA6PsHeeFJh55sX5uO+HVshRlRzNxvSIGCpPChorUA -> ssh-ed25519 9RQHxg SpHG3ijNizTi1YXvZCJS79Uwt4oGkYzqIme+eqQi9AQ
30i8zc2wjovEn0LLh8YzUupRGeQQqeMf6Mhkx2t5xhk GqVhyfaTF6tLwuo0vIby0vBv3JufHz59IdNX9ifWtSA
-> ssh-ed25519 eP5MMw ZXLt8+mk1I4CtbXe7fAW69kbHViKHSmfI5N0bU738yc -> ssh-ed25519 eP5MMw 9uU7tlyOzOxlsW/bfUmzjgicU3i2J5uCGWEVIljnHiM
lexop3bpWsTUdd3y5y0kODgKwhdOeF76Meavv/Br54M tDJdTB1rBJTXVaGFOOmtG5n2Ae0XOCsi41S0EagRmeM
-> ssh-ed25519 uYcDNw UdYgsm2ZxtFOPXV9pnSt5d7K/hWfrg2GoVzG48ziOFc -> ssh-ed25519 uYcDNw ge+lEVE8+pS/S+eO+6sPqo/czym30CJbQnhTp11NsW4
EXvAGb9aPu3GLsjl0QXEQgVuiHKSrQaMEW0UBcQmpZA jxL7Xhn/7JRylJ/JbeGkmhMMeJ8G2KPEKVVq1icQXKU
-> ssh-rsa f5THog -> ssh-rsa f5THog
r7bcUkt6dUxG5uYuLYfpfT+/DrConi8lzZwXQr/NTPc0NduG5qHktgesVpVN1Hyj Ybod3f7gvCiBUcNyLV6AXoBchtRGspQah9JwygSGCtBKmWPOUSw3/DVva9nPVwHB
a9ziumKtnSxmhdzJESRMezkQG7fK7qpjQI99tYmIM3unjq/dg8/GTQbMKnZY57o+ q4t05bEHINMZIoWy4l3VQ1jw+GTxW+6OeWDHrxHOG2hlu1/OT0tZnsQIjWwT/6Sg
Itu0LW9MKH83Z/3Vcv3qLZmULtcsfcXqjwIr2SDOjjsMhENG4KmOzX6wOVYuSWkp fzy6X04yD2ADkwHH6VJYjC2Lxa7kEOeCeKOACyyab7rlXk+HauytUDlcF3Nl3nOc
96fSGuFCy5cWrd6omfcqwQDGHd7APw6+bHwQ2rhCqkGSk+fAjJFEVgjKYowHtt+5 JQZzfwIORU0XWVy+gDocwVqDaRJXZxhMW8oDjlU8BKgf/DpvExLfuZ9AHHJBU0Y9
sq1a7E5xZjNAETU9xw+baehMCXwSAuUdYGK5KTLtCar3c+FLPUtfapadsAR65iB5 HefbTbGO1s5J0T+HEkuIDce9iPQEe8ufaSVO6tKyHpgguIAiLIkjqrdLNRmXv/y8
/uqoRLZidpFkFl1yDsboo0uq0esRSrb9xy0KXIR7XeKaEjSKKgwFeefZrQ1Z968f 9W653Xqar7fimd/sykb4K/PpdwvQcB9Ogy23t6s3Qxz5yPtC2m8IC3lgR+N+/nJO
opXm/rmgkh202vO2NLQfDUz81hBrW+JH6E/SmKIYGYFIauoaxmYWzpaSmq7IAfIj n29QuXFBNUZu/QBXnWMS2QF09MGE2aav/CiwFuNiTf5D4UGGN3Y7XhX/KVOFJTZX
2pxVyz74ryaYU9brJB/LsWc0elCcl1zo/e0OcxaLzzocDftpNk+dmYNQ5GuLFV9K r1GLtch6rvD9RtfyKxAdbtCqbBEQJmoiut9ia5EzG4TvdPAE4XK3QNTn2BSmfjvI
uKh9uOopqTcrSLKiQ3Jnvsj5LEltv7oJE4u2OZyR6erCpz6ZL0bb2xJ+EkRTuvq5 3aXiXOFSbdJqkxyI6ZU2mUMMor3OWrXxWizDDYef6iHZxGlWFqA/kVXyZgdwTK9n
2ktXvSCMOWp0j7pHDeMQaldU656w0AS9JgoOSl22euZBFC1qxwvymFYNPLAAQBTU 8Re6SYR8roH7T35eILzP4sskElN32UO/A+JyGfP1lOclGTlOrtp4HYTfY0NhhRJT
bojIYFtJQGv3hrCgAWSJXL5yEcVVBUQV4GU0EAelq6k L7YIB0pNbaRxMBsxsxwU47j3qMkaO1uzP+DgpUacWJY
-> ssh-rsa kFDS0A -> ssh-rsa kFDS0A
dc3I3vVWe3V5XtUaNsIuFdes+nN7D981BPS9CdyQv/lDHf+G+KecyqeqPF1ZHq/F GJjiIApapBS6F8pmh6lblCHG3FlVWL+WKN1Gi2u/6Pa1YbkiBCgYFTQBwm5GsBMR
emnfGZDGjemSjd5hPDLkFKQ2zmKH+qabH5s2YYH3OgQc4xtdVfuhfEH+MAgO2ajy 4tQwRJcQQDGgGddIH4/QcMAl1fTYLm3N1w8rueywgAbOwaWktKnJFYTj7lS6PSNr
1PFAu9qyCXz8h30LIcXI69rILAUPrFbWGFxfAEAjV5PXdOj9BcDDpa6vafY9etVL bZyqyiGvgi0oYYSVjRnm7MmCrycuKmhcGHv1ijj5J8yOxe6qFsomsn9QZm1DmR/m
mQQYSIyocUkFNhYUAivXcNzQEW5RY1sJkW4184BTdNyqnjBd1QtIRryssaod3rC6 EZmc5DIYXjhuauzGgqtPVmjHi6hXTN8NX7Fg81aegko79yA12hmyHmaBj4P96Kqv
oGfxFUoOSG0o4QtrZfoo7Re8sR5gLVZrjBsoUAihQ/PgTk69JRsmAHef63rfNHO/ RyWZ9Moc3ccyxq74jNzp0eFuPNhUJuNBqrKozCc2Lo3KQAmoqI27THkF/HA8ECGP
4tmQzDA2F+cj1HtPPqpyetBRoxaRmJiNy4pmEkxFh3I9YSYdWPCDm6ntXcxi6KNK BJDK7JdHBXyHhf/Fc5O5xOxHieIU8tHR0LLJn7VEvQyqTlKmWkZ5J53AqE8UDmm9
G41LzGy882EsiXeKAtX88FndEv70Ks7aXCk8RKiCJDRWUQAZhKfWN4/epZRwRupI 0gY6zFh7h3SjyBwqktzGJ9zXn3bp4fpg0M1+SaYp9Qf6hkJ9k79Zth4s4ggxgvOl
ESceZCAElqI1QDyFnfuvDRkgjvyCeMqRG0vvgvTQdUW/2CSADeqKe0/MwNiwWFGJ veib2sg3PCmL1OCMPMtyW3JkKsq0J+PtJdlAC9cmVvfvAMHKy2+aADsLt0H8Cpt2
g8jg9zZk7lT6AiqsclsmbW6hLA/+Gh8Yn7uuix57NxlNcB/MFoKVhLRlEfqSQz3O cNOxbnU29eLWgG9uzcCXfqqNtmSia6LUMu71GahAuteZUV8RnDOZdCNW4U2Ohnq/
ZeEs0aGS5Q3GB1Up5dh5ug7QiMxNyGPKtZKCfE/fcVriGV1s7mdMk/v6DBGRDZYP 9znMqERVo0d3LgjaB0P3HXCCqhVFYTTDWg31R6N2RzSh7mb02CFgt7N+vHleQqAo
cZT2eCqO4CR498DcZmEGmblzM5j5HecoIT1MRlpKGnE G/6Pb+kKYSEbU884z95+o56eQrvPunCN9Vu1CjEBfG4
-> piv-p256 vRzPNw ApGjOu3qnsHn8q8MRNsM+hK8FdQa7c4mjWvBDgV6zzYr -> piv-p256 vRzPNw A2dcPImS0ih5CjePQP5oPrPfwns6zAMP0J72P7fyzD/A
zLZTP4agbTP96RdSDRaQE0QLCdiAw7PVgS7vqHCiOc0 p46umKyZjbc1MjOQGnJIRu6V99O+/PmVXQvryX/9XW4
-> piv-p256 zqq/iw A1RFt8g45pY/xKZHYRcrIKFWWVu1moRiEqYUNFzIMQnq -> piv-p256 zqq/iw A5nBHU2O+bxsFqplf2GV6pK5wQ+hJ9l7tyFIe57QVKzw
NLOrT+6BNE0Oj/RbTZ08y75o2+/Ze2iFEHU08WDkUPo Ik6aUY3t4geZ3yiWPqBGlBem9xNU83x7t3UA7pYB55I
-> ssh-ed25519 YFSOsg rHIQYA0LpOtjV/Qy5FvsLkICwAHny1wcRji2t+nk7Uk -> ssh-ed25519 YFSOsg OhynWXlurzqU3ohq1ecH018Ja4wyWazDLv6isajeBUE
yvU8CdJAvt1TUlC8GjdBWvV49UzPJsrGSdjM1SBk3KE Xnjo8yS9IkMwCGNeLi6BABYxjXDLbpuTrVfwAxjDWdQ
-> ssh-ed25519 iHV63A cTbbkXP0/MCZopICjPI4FlFPNhwJUQRzfhvkQ+0tMW0 -> ssh-ed25519 iHV63A 5CVIOtSwima5gIvwoAYExcy1tfOo8942RQ+SsflPbAM
WQYU05l05fp9WriD/DcImXpq1QxtGYt9HMCQZEvFmv4 4HV21GcuyddIjonOZZFgjgpR5smjce7OlMN3DCy0/sU
-> ssh-ed25519 BVsyTA d/HQ6tLuyFmCbWNx2Y34f3lX7wmHkRjnXle4y7DYiC0 -> ssh-ed25519 BVsyTA mkLu2Vpr16bAZWimh6sViq5HlB1+lNOc2WPCxzgfqAg
TLk1E+wSdZjoNEhn6VYjVg9WUOU7Flntx0+lF4AY/kQ cIDgWit139jipd7XmZcT8mTRDKK8rJV9xIxIaPVL9pM
-> ssh-ed25519 +3V2lQ Pjkt+aKYUa9w4qELEpYc6bm2EfBPf0HhmHAXAfix3wA -> ssh-ed25519 +3V2lQ eqfktAyV2Pia7T7XEfcYiHN9Jd4zivMzJk3in4XOTx0
zL+wczUJ632M+9PSEWTLc0UikNL1QSFyjuaKqvY8NQo gZzO+MTyBOJR1EgGn4Mhh4rnIyr3N9gmlFty83ou+GU
--- +CyD1ByF5fDQgtfi7NfiASk8ldY8LOJE/nOUe/JnSFE --- yJrzTzStOkRCNRu3Y+knfqTqHrwW0S0Bsko7oG/s86o
^QlÚH2ü¬(¢B¸ ²ŸÔÑêž^¬•¬qa;Y[bIÛ¡øcú7Çß[YŽýëÙ«)ÐðÀqa,Rcƒür<C3BC>^Le’ÈnØ~¶w<­œU†—û3ë„~n°<6E>™QS0ŽÐ«Ì ®,Bgm°þ÷€fåT¾èä`1†&1³%7Q˜(¯•¸Ÿ:?ßÝ
êÎø—æ‡ðj£ùÄO_rqwÃÏi£O®´D·)@0•ZK'óô+apU§<Ö`ºõµœctª. þ¡<C3BE>ÌXÇNæ+íŒÂh†Ù=‰'‡VÑn^HHöv±5aa²nKÝþ×