summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorCarlo Zancanaro <carlo@zancanaro.id.au>2024-01-31 11:46:23 +0000
committerClément Lassieur <clement@lassieur.org>2024-01-31 16:54:12 +0100
commitfc0ec9a3cc2707260b88c79286e91fa1a3a594cb (patch)
tree1b371c4b5ded400d539d15252bdfc0cb208e7d89 /doc
parenta2b1ef903be001d5abfc47fc3e8add04fb748ff3 (diff)
services: certbot: Create self-signed certificates before certbot runs.
* gnu/services/certbot.scm (<certificate-configuration>): Add start-self-signed? field. (generate-certificate-gexp): New procedure. (certbot-activation): Generate self-signed certificates when start-self-signed? is #t. * doc/guix.texi (Certificate services): Document start-self-signed?. Change-Id: Icfd85ae0c3e29324acbcde6ba283546cf0e27a1d Signed-off-by: Clément Lassieur <clement@lassieur.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/guix.texi6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 97be37f9b5..732abceb0f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32690,6 +32690,12 @@ certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will
contain a space-delimited list of renewed certificate domains (for
example, @samp{"example.com www.example.com"}.
+@item @code{start-self-signed?} (default: @code{#t})
+Whether to generate an initial self-signed certificate during system
+activation. This option is particularly useful to allow @code{nginx} to
+start before @code{certbot} has run, because @code{certbot} relies on
+@code{nginx} running to perform HTTP challenges.
+
@end table
@end deftp