...

2 files changed, 5 insertions, 2 deletions

diff --git a/hosts/surtr/dns/default.nix b/hosts/surtr/dns/default.nix
index b5be6887..5f69c350 100644
--- a/hosts/surtr/dns/default.nix
+++ b/hosts/surtr/dns/default.nix
@@ -6,7 +6,7 @@ let
   acmeChallengeZonefile = domain: let
     reverseDomain = concatStringsSep "." (reverseList (["_acme-challenge"] ++ splitString "." domain));
   in pkgs.writeText "${reverseDomain}.zone" ''
-    $ORIGIN ${domain}.
+    $ORIGIN _acme-challenge.${domain}.
     @ 3600 IN SOA _acme-challenge.${domain}. root.yggdrasil.li. 2022022102 7200 3600 86400 300
     $TTL 300
 
diff --git a/hosts/surtr/tls/default.nix b/hosts/surtr/tls/default.nix
index 936aa106..7e6b370c 100644
--- a/hosts/surtr/tls/default.nix
+++ b/hosts/surtr/tls/default.nix
@@ -94,7 +94,10 @@ in {
       defaults = {
         email = "phikeebaogobaegh@141.li";
         keyType = "rsa4096"; # we don't like NIST curves
-        # extraLegoFlags = ["--preferred-chain" "ISRG Root X1"];
+        extraLegoFlags = [
+          "--always-deactivate-authorizations" "true"
+          # "--preferred-chain" "ISRG Root X1"
+        ];
       };
       certs =
         let