mermet: knot: enable CAA validationmethods= and accounturi=

diff --git a/hosts/mermet/knot/autogeree.net.nix b/hosts/mermet/knot/autogeree.net.nix
index 7e495847ab536d1e6b22c7471ba01c9e6560de04..fcf97932ad02ca01f1b370e1ffe332eea43b84e0 100644 (file)
--- a/hosts/mermet/knot/autogeree.net.nix
+++ b/hosts/mermet/knot/autogeree.net.nix
@@ -54,7 +54,7 @@ let
 
       ; CAA (Certificate Authority Authorization)
       ; DOC: https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum
-      @ CAA 128 issue "letsencrypt.org"
+      @ CAA 128 issue "letsencrypt.org; validationmethods=dns-01; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/79737822"
     '';
 in
 {

diff --git a/hosts/mermet/knot/sourcephile.fr.nix b/hosts/mermet/knot/sourcephile.fr.nix
index 5e5b16b12f84616c8ec1f64532dab8511e71fb6e..95250a4472378a641de40fc26bac881613bd8a92 100644 (file)
--- a/hosts/mermet/knot/sourcephile.fr.nix
+++ b/hosts/mermet/knot/sourcephile.fr.nix
@@ -87,7 +87,7 @@ let
 
       ; CAA (Certificate Authority Authorization)
       ; DOC: https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum
-      @ CAA 128 issue "letsencrypt.org"
+      @ CAA 128 issue "letsencrypt.org; validationmethods=dns-01; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/78014180"
     '';
 in
 {