From: Felix Lechner via "Development of GNU Guix and the GNU System distribution."
Reply-To: Felix Lechner
To: Clément Lassieur, Felix Lechner via Bug reports for GNU Guix
Cc: Carlo Zancanaro, guix-devel@gnu.org, brice@waegenei.re
Subject: Re: bug#46961: [PATCH v2 0/4] Make certbot play more nicely with nginx
Date: Fri, 12 Apr 2024 18:17:33 -0700
Message-ID: <871q7a2h8y.fsf@lease-up.com>
In-Reply-To: <8734uevcf3.fsf@lassieur.org>

Hi Clément,

On Tue, Jan 30 2024, Clément Lassieur wrote:

> Carlo's solution allows to have a working nginx even when certbot
> fails.

I just upgraded a server to the latest Guix version, which I think includes a version of this patch.

To my surprise OpenSSL, which I saw in proced, generated a lot of certificates in /etc/certs. I am talking about pages and pages of asterisks, plusses, and dots for a system with twenty or so certificates.

Is it possible that they were generated as a result of the patch? It would be unfavorable to create such certificates when they are not needed. It reduces valuable server entropy.

Kind regards
Felix