If you have a public domain somewhere, where you control the DNS, you can also issue certificates via DNS validation. But I think this is currently not possible with the existing module presented here.

You can use dehydrated for instance:
https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks

This should also work in private networks. The domains do not even have to point to public IPs in this case.

On 2016-12-21 19:47, zimbatm wrote:
> Hi,
>
> Your VM needs to be reachable from the internet for letsencrypt to work. If
> it's only for internal usage the best thing to do is to provision the machine
> with certificates that you generate yourself and add a condition for
> production. Alternatively keep it plain HTTP and have a tunnel in production
> that does TLS termination.
>
> On Wed, 21 Dec 2016, 11:20 Daniel Hlynskyi, <[email protected]> wrote:
>
> Hello all NixOps users. I'd like to build my production system with
> libvirtd backend, but I'm stopped with a problem. SSL certificates can't be
> obtained in a virtualized environment.
>
>     {
>       services.nginx.virtualHosts."example.domain" = {
>         enableSSL = true;
>         enableACME = true;
>       };
>     }
>
> As far as I understand, letsencrypt tries to verify "example.domain", but
> it points to the production system, not to the virtualized one.
>
> What are my options to fix this issue? In the end I'd like to add the virtual
> server to the VPN and test public entry points from a developer machine.

_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
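The DNS-01 approach suggested in the reply above, sketched as a dehydrated hook that publishes the challenge with nsupdate. This is an added example, not part of the thread and not dehydrated's own code. The DNS server name, the TSIG key path and the TTL are assumptions.

```sh
#!/bin/sh
# Added example: dehydrated DNS-01 hook publishing challenges with nsupdate (RFC 2136).
# Assumed, not from the thread: DNS_SERVER, TSIG_KEYFILE and TTL values.
DNS_SERVER="${DNS_SERVER:-ns1.example.domain}"            # hypothetical authoritative server
TSIG_KEYFILE="${TSIG_KEYFILE:-/etc/dehydrated/tsig.key}"  # hypothetical TSIG key file
TTL="${TTL:-60}"

# build_update ACTION DOMAIN VALUE: print an nsupdate script for the challenge record.
# Inputs are checked first so nothing can smuggle extra nsupdate commands in.
build_update() {
  case "$2" in ""|*[!A-Za-z0-9.-]*) echo "bad domain: $2" >&2; return 1 ;; esac
  # dns-01 values are base64url text, so only that alphabet is accepted.
  case "$3" in ""|*[!A-Za-z0-9_-]*) echo "bad challenge value" >&2; return 1 ;; esac
  printf 'server %s\n' "$DNS_SERVER"
  if [ "$1" = add ]; then
    printf 'update add _acme-challenge.%s. %s IN TXT "%s"\n' "$2" "$TTL" "$3"
  else
    printf 'update delete _acme-challenge.%s. IN TXT "%s"\n' "$2" "$3"
  fi
  printf 'send\n'
}

# apply_updates ACTION DOMAIN TOKEN_FILENAME TOKEN_VALUE [...]: one update per triple.
apply_updates() {
  action="$1"; shift
  while [ "$#" -ge 3 ]; do
    script=$(build_update "$action" "$1" "$3") || return 1
    printf '%s\n' "$script" | nsupdate -k "$TSIG_KEYFILE" || return 1
    shift 3
  done
}

# dehydrated calls the hook as: HOOK <handler> <args...>
hook_main() {
  handler="$1"; shift
  case "$handler" in
    deploy_challenge) apply_updates add "$@" ;;
    clean_challenge)  apply_updates delete "$@" ;;
    *) : ;;  # deploy_cert and other handlers need no DNS change
  esac
}

if [ "$#" -gt 0 ]; then hook_main "$@"; fi
```

dehydrated would call this script when run with `--challenge dns-01 --hook` pointing at it. Only the DNS server has to be reachable by the CA, so the host named in the certificate can stay on a private network.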
