From b178c337673eb9c3b500d7920320a71ce65c82b5 Mon Sep 17 00:00:00 2001
From: Anonymous
Date: Thu, 9 Dec 2021 14:59:59 +0100
Subject: Created ACME (markdown)
---
ACME.md | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 ACME.md
diff --git a/ACME.md b/ACME.md
new file mode 100644
index 0000000..88d4b8c
--- /dev/null
+++ b/ACME.md
@@ -0,0 +1,21 @@
+# ACME/SSL
+
+we now have our own letsencrypt-like service for internal certificates:
+
+## howto trust the CA
+```
+security.pki.certificateFiles = [(pkgs.fetchurl {
+ url = "http://ca.r/ca.crt"; # can be also downloaded from some other location like github/cgit
+ sha256 = "sha256-qd3HYc/HaMGbrHDjTKgs4QbHTRcA//xxr+fu1FnKBBs=";
+})]
+```
+for firefox/chromium the certificate needs to be added manually # TODO document this step
+
+## get a certificate from CA (need to trust CA first)
+
+```
+services.nginx.virtualHosts."myservice.r" = {
+ enableACME = true;
+}
+security.acme.certs."myservice.r".server = "https://ca.r/acme/acme/directory";
+```
\ No newline at end of file
--
cgit v1.2.3