services: certbot: Create self-signed certificates before certbot runs.

* gnu/services/certbot.scm (<certificate-configuration>): Add start-self-signed? field. (generate-certificate-gexp): New procedure. (certbot-activation): Generate self-signed certificates when start-self-signed? is #t. * doc/guix.texi (Certificate services): Document start-self-signed?. Change-Id: Icfd85ae0c3e29324acbcde6ba283546cf0e27a1d Signed-off-by: Clément Lassieur <clement@lassieur.org>
author: Carlo Zancanaro <carlo@zancanaro.id.au> 2024-01-31 11:46:23 +0000
committer: Clément Lassieur <clement@lassieur.org> 2024-01-31 16:54:12 +0100
commit: fc0ec9a3cc2707260b88c79286e91fa1a3a594cb (patch)
tree: 1b371c4b5ded400d539d15252bdfc0cb208e7d89 /doc
parent: a2b1ef903be001d5abfc47fc3e8add04fb748ff3 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 97be37f9b5..732abceb0f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -32690,6 +32690,12 @@ certificates and keys; the shell variable @code{$RENEWED_DOMAINS} will
 contain a space-delimited list of renewed certificate domains (for
 example, @samp{"example.com www.example.com"}.
 
+@item @code{start-self-signed?} (default: @code{#t})
+Whether to generate an initial self-signed certificate during system
+activation.  This option is particularly useful to allow @code{nginx} to
+start before @code{certbot} has run, because @code{certbot} relies on
+@code{nginx} running to perform HTTP challenges.
+
 @end table
 @end deftp
author	Carlo Zancanaro <carlo@zancanaro.id.au>	2024-01-31 11:46:23 +0000
committer	Clément Lassieur <clement@lassieur.org>	2024-01-31 16:54:12 +0100
commit	fc0ec9a3cc2707260b88c79286e91fa1a3a594cb (patch)
tree	1b371c4b5ded400d539d15252bdfc0cb208e7d89 /doc
parent	a2b1ef903be001d5abfc47fc3e8add04fb748ff3 (diff)