author | Léo Gaspard <leo@gaspard.io> | 2023-11-14 20:29:50 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-14 20:29:50 +0100 |
commit | b1c25de57b225245433fb95fd995cb7293ed6af6 (patch) | |
tree | 261cc7705fb2599e03af83c1c64159caca4e6bf9 /nixos | |
parent | f7ac3fbf4eef7565d95803ae6be0fd7d19be1dfb (diff) |
nixos/acme: do not eat Let's Encrypt's request limits if misconfigured on first try (#266155)
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/acme/default.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/modules/security/acme/default.nix b/nixos/modules/security/acme/default.nix index 932bf3e791159..7cc302969fb6d 100644 --- a/nixos/modules/security/acme/default.nix +++ b/nixos/modules/security/acme/default.nix @@ -345,6 +345,10 @@ let serviceConfig = commonServiceConfig // { Group = data.group; + # Let's Encrypt Failed Validation Limit allows 5 retries per hour, per account, hostname and hour. + # This avoids eating them all up if something is misconfigured upon the first try. + RestartSec = 15 * 60; + # Keep in mind that these directories will be deleted if the user runs # systemctl clean --what=state # acme/.lego/${cert} is listed for this reason. |
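Review bot: The comment added above `RestartSec = 15 * 60;` reads "5 retries per hour, per account, hostname and hour", which names the hour twice; something like "allows 5 retries per account, per hostname, per hour" would be clearer. It would also help to spell out the arithmetic the value relies on: systemd reads a bare number here as seconds, so this is a 900 second delay, which works out to roughly four attempts per hour and stays under the limit of 5 that the comment cites. Separately, `RestartSec` only has an effect when the unit also has a `Restart=` policy, and none is visible in this hunk. Please confirm that it is set in `commonServiceConfig` or elsewhere in this unit, and consider mentioning that dependency in the comment so the two settings are not changed independently later.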