summary refs log tree commit diff
path: root/nixos/modules/security/acme.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/security/acme.nix')
-rw-r--r--nixos/modules/security/acme.nix9
1 files changed, 7 insertions, 2 deletions
diff --git a/nixos/modules/security/acme.nix b/nixos/modules/security/acme.nix
index dcea137b52e..be4762da8d1 100644
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -391,8 +391,13 @@ let
           fi
 
         # Otherwise do a full run
-        else
-          lego ${runOpts}
+        elif ! lego ${runOpts}; then
+          # Produce a nice error for those doing their first nixos-rebuild with these certs
+          echo Failed to fetch certificates. \
+            This may mean your DNS records are set up incorrectly. \
+            ${optionalString (cfg.preliminarySelfsigned) "Selfsigned certs are in place and dependant services will still start."}
+          # Exit 2 so that users can potentially amend SuccessExitStatus to ignore this error.
+          exit 2
         fi
 
         mv domainhash.txt certificates/
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-05-27 17:49:02 +0000