Motivation for this change

When using the DNS resolvers of my VPS provider with the `cloudflare` DNS provider, the `DNS-01` challenge always fails because lego does not see the TXT record propagate in time. `--dns.disable-cp` (`security.acme.certs.<name>.dnsPropagationCheck`) doesn't seem to help here. Explicitly adding the authoritative DNS server via `--dns.resolvers "jade.ns.cloudflare.com"` to the lego command line would fix this problem, but the acme module does not provide an option to add global options.

#80900 already added `extraLegoRenewFlags` to allow specifying extra options for the `renew` subcommand. This PR extends this with an `extraLegoRunFlags` option for the `run` subcommand and an `extraLegoFlags` option for global lego options. These serve to both solve the above problem and expose several lego cli options that are currently inaccessible but may be of interest to advanced users.

Things done