diff options
Diffstat (limited to 'nixos/modules/security/acme.xml')
-rw-r--r-- | nixos/modules/security/acme.xml | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/nixos/modules/security/acme.xml b/nixos/modules/security/acme.xml index 17e94bc12fb2..517162d1a7bf 100644 --- a/nixos/modules/security/acme.xml +++ b/nixos/modules/security/acme.xml @@ -263,4 +263,28 @@ chmod 400 /var/lib/secrets/certs.secret ones. </para> </section> + <section xml:id="module-security-acme-fix-jws"> + <title>Fixing JWS Verification error</title> + + <para> + It is possible that your account credentials file may become corrupt and need + to be regnerated. In this scenario lego will produce the error <literal>JWS verification error</literal>. + The solution is to simply delete the associated accounts file and + re-run the affected service(s). + </para> + +<programlisting> +# Find the accounts folder for the certificate +systemctl cat acme-example.com.service | grep -Po 'accounts/[^:]*' +export accountdir="$(!!)" +# Move this folder to some place else +mv /var/lib/acme/.lego/$accountdir{,.bak} +# Recreate the folder using systemd-tmpfiles +systemd-tmpfiles --create +# Get a new account and reissue certificates +# Note: Do this for all certs that share the same account email address +systemctl start acme-example.com.service +</programlisting> + + </section> </chapter> |