[Nix-dev] Caution: LetsEncrypt broken in 16.09 - fix included in this mail

Putten, A. van (Arian) a.vanputten at uu.nl
Thu Dec 15 16:03:30 CET 2016


Dear list,


Yesterday I was setting up a new server with letsencrypt on 16.09 and the certificate
renewal failed, causing my TLS setup to break.

Luckily, the bug that caused this has already been fixed in master and backported to 16.09 in https://github.com/NixOS/nixpkgs/pull/21102

However, Hydra is currently being annoying, which is making it impossible to currently push this fix to users (https://github.com/NixOS/nixpkgs/issues/21145).

For people using LetsEncrypt, it is important to temporarily patch your NixOS configuration such that your
certificates do not expire due to the renewal service crashing.

First, clone nixpkgs such that you can refer to the fix (I used it as a submodule):

$ git clone git@github.com:nixos/nixpkgs.git
$ cd nixpkgs; git checkout 8341cfb6
$ cd ..

Now add this line to your configuration.nix (making sure PATH/TO/nixpkgs points to where you cloned the repo):


nixpkgs.config.packageOverrides = pkgs: rec { simp_le = pkgs.callPackage PATH/TO/nixpkgs/pkgs/tools/admin/simp_le {}; };


Now rebuild and you should be fine.

Once the update has been built by Hydra, it is safe to delete this line again.


Cheers,

Arian van Putten
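
A pre-rebuild check for the pinned checkout described in the steps above, as an added example that is not part of the original mail: it confirms the clone is at the expected commit, has no local modifications, and contains the simp_le package directory. The function name `verify_pin`, its arguments and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original mail): check the local nixpkgs
# checkout before configuration.nix builds simp_le from it.
# verify_pin and its exit codes are hypothetical names/conventions.

# verify_pin REPO_DIR COMMIT_PREFIX [PACKAGE_SUBDIR]
# Returns 0 when the checkout is usable; otherwise prints the reason and
# returns 1 (no git checkout with a commit), 2 (wrong commit),
# 3 (local modifications) or 4 (package directory missing).
verify_pin() {
    repo=$1
    want=$2
    subdir=${3:-pkgs/tools/admin/simp_le}

    head=$(git -C "$repo" rev-parse --verify HEAD 2>/dev/null) || {
        echo "$repo: no git checkout with a commit" >&2
        return 1
    }
    # An empty prefix would match any commit, so reject it explicitly.
    [ -n "$want" ] || { echo "empty commit prefix" >&2; return 2; }
    case $head in
        "$want"*) ;;
        *) echo "$repo: HEAD is $head, expected $want" >&2; return 2 ;;
    esac

    # Tracked or untracked changes mean the build input is not the
    # tree that was reviewed at that commit.
    if [ -n "$(git -C "$repo" status --porcelain)" ]; then
        echo "$repo: working tree has local modifications" >&2
        return 3
    fi

    if [ ! -d "$repo/$subdir" ]; then
        echo "$repo: $subdir not found" >&2
        return 4
    fi
    return 0
}

# Usage with the values from the mail (run from the directory holding the clone):
#   verify_pin ./nixpkgs 8341cfb6 && nixos-rebuild switch
```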