From: Ismaƫl Bouya Date: Sat, 23 Oct 2021 00:06:42 +0000 (+0200) Subject: Fix ISRG root certificate chain X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=ad6d50d9968b271480ff68c018b12623ad553e87;p=perso%2FImmae%2FConfig%2FNix.git Fix ISRG root certificate chain --- diff --git a/modules/private/certificates.nix b/modules/private/certificates.nix index 1881ac8..b97d0bc 100644 --- a/modules/private/certificates.nix +++ b/modules/private/certificates.nix @@ -142,6 +142,14 @@ ''); ExecStartPost = let + ISRG_Root_X1 = pkgs.fetchurl { + url = "https://letsencrypt.org/certs/isrgrootx1.pem"; + sha256 = "1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92"; + }; + fix_ISRG_Root_X1 = pkgs.writeScript "fix-pem" '' + cat ${ISRG_Root_X1} | grep -v " CERTIFICATE" | \ + sed -i.bak -ne "/MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ {r /dev/stdin" -e ":a; n; /Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5/ { b }; ba };p" chain.pem fullchain.pem full.pem + ''; script = pkgs.writeScript "acme-post-start" '' #!${pkgs.runtimeShell} -e install -m 0755 -o root -g root -d /var/lib/acme @@ -163,6 +171,7 @@ chmod ${fileMode} *.pem chown '${data.user}:${data.group}' *.pem + ${fix_ISRG_Root_X1} if [ "$KEY_CHANGED" = "yes" ]; then : # noop in case postRun is empty
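Review bot: In `fix_ISRG_Root_X1` the replacement body is taken from `r /dev/stdin`, but one `sed -i.bak` invocation walks three files (`chain.pem fullchain.pem full.pem`). Stdin is a pipe and can be read to EOF only once, so every file after the first match would presumably have the matched block deleted with nothing inserted, leaving an empty certificate block; worth checking `fullchain.pem` and `full.pem` after a run. Reading from a pre-filtered store path avoids this and drops the pipeline, whose `cat`/`grep` exit status is not checked: `ISRG_Root_X1_body = pkgs.runCommand "isrgrootx1-body" {} ''grep -v " CERTIFICATE" ${ISRG_Root_X1} > $out'';` with `r ${ISRG_Root_X1_body}` in the sed expression. The two base64 literals need a comment naming the certificate whose first and last body lines they are and why it is being swapped, since nothing in the hunk says so. If `full.pem` bundles the private key, `full.pem.bak` is a second copy of key material that the `chmod`/`chown *.pem` glob in the second hunk never matches on later runs; the `let` block continues outside this hunk.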