summary refs log tree commit diff
path: root/doc/guix.texi
diff options
context:
space:
mode:
authorCarlo Zancanaro <carlo@zancanaro.id.au>2024-01-31 11:46:23 +0000
committerClément Lassieur <clement@lassieur.org>2024-01-31 16:54:12 +0100
commitfc0ec9a3cc2707260b88c79286e91fa1a3a594cb (patch)
tree1b371c4b5ded400d539d15252bdfc0cb208e7d89 /doc/guix.texi
parenta2b1ef903be001d5abfc47fc3e8add04fb748ff3 (diff)
downloadguix-fc0ec9a3cc2707260b88c79286e91fa1a3a594cb.tar.gz
services: certbot: Create self-signed certificates before certbot runs.
* gnu/services/certbot.scm (<certificate-configuration>): Add
start-self-signed? field.
(generate-certificate-gexp): New procedure.
(certbot-activation): Generate self-signed certificates when
start-self-signed? is #t.
* doc/guix.texi (Certificate services): Document start-self-signed?.

Change-Id: Icfd85ae0c3e29324acbcde6ba283546cf0e27a1d
Signed-off-by: Clément Lassieur <clement@lassieur.org>
Diffstat (limited to 'doc/guix.texi')
-rw-r--r--doc/guix.texi6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 97be37f9b5..732abceb0f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32690,6 +32690,12 @@ certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will
 contain a space-delimited list of renewed certificate domains (for
 example, @samp{"example.com www.example.com"}.
 
+@item @code{start-self-signed?} (default: @code{#t})
+Whether to generate an initial self-signed certificate during system
+activation.  This option is particularly useful to allow @code{nginx} to
+start before @code{certbot} has run, because @code{certbot} relies on
+@code{nginx} running to perform HTTP challenges.
+
 @end table
 @end deftp