From f5f82ae9d324ab88ed07a73c33790e6cb08c7153 Mon Sep 17 00:00:00 2001 From: Matej Focko Date: Wed, 3 Sep 2025 23:53:36 +0200 Subject: [PATCH 1/2] docs: remove obsolete domains - Stream and source-git are no longer deployed - Also mention nixpkg + devenv.sh Signed-off-by: Matej Focko --- docs/deployment/tls-certs.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/docs/deployment/tls-certs.md b/docs/deployment/tls-certs.md index a5d8a9d4..09b59b2e 100644 --- a/docs/deployment/tls-certs.md +++ b/docs/deployment/tls-certs.md @@ -12,11 +12,7 @@ The process is manual but would be awesome to We are using multi-domain wildcard certificates for the following domains: - `*.packit.dev` -- `*.stream.packit.dev` -- `*.fedora-source-git.packit.dev` - `*.stg.packit.dev` -- `*.stg.stream.packit.dev` -- `*.stg.fedora-source-git.packit.dev` In case the procedure bellow does not work, [previously used http challenge](https://github.com/packit/deployment/blob/008f5eaad69a620c54784f1fc19c7c775af9ec7d/README.md#obtaining-a-lets-encrypt-cert-using-certbot) 
@@ -52,11 +48,17 @@ Check if you have access to packit.dev domain in Install certbot locally: `dnf install certbot`. +:::note + +Or use the combo of nixpkg + devenv.sh. + +::: + ## Run certbot to obtain the challenges Run certbot: - $ certbot certonly --config-dir ~/.certbot --work-dir ~/.certbot --logs-dir ~/.certbot --manual --preferred-challenges dns --email hello@packit.dev -d prod.packit.dev -d stg.packit.dev -d dashboard.packit.dev -d dashboard.stg.packit.dev -d workers.packit.dev -d workers.stg.packit.dev -d prod.stream.packit.dev -d stg.stream.packit.dev -d prod.fedora-source-git.packit.dev -d stg.fedora-source-git.packit.dev + $ certbot certonly --config-dir ~/.certbot --work-dir ~/.certbot --logs-dir ~/.certbot --manual --preferred-challenges dns --email hello@packit.dev -d prod.packit.dev -d stg.packit.dev -d dashboard.packit.dev -d dashboard.stg.packit.dev -d workers.packit.dev -d workers.stg.packit.dev You will be asked to set TXT record for every domain requested: From c9c398fc6549378fe062932e04f721e0d4f4ec0c Mon Sep 17 00:00:00 2001 From: Matej Focko Date: Wed, 3 Sep 2025 23:54:17 +0200 Subject: [PATCH 2/2] chore(devenv): add certbot to for TLS renewals Signed-off-by: Matej Focko --- devenv.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/devenv.nix b/devenv.nix index 68d9fdb4..d0c25a1f 100644 --- a/devenv.nix +++ b/devenv.nix @@ -6,6 +6,9 @@ pkgs.ansible pkgs.ansible-navigator + + # Needed for renewal of TLS certificates + pkgs.certbot ]; languages.python = {
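Review bot: in the `docs/deployment/tls-certs.md` hunk at `@@ -12,11 +12,7 @@`, the trimmed list (`*.packit.dev`, `*.stg.packit.dev`) is still introduced as "multi-domain wildcard certificates", but the certbot command edited later in the same file requests only explicit hostnames (`-d prod.packit.dev -d stg.packit.dev -d dashboard.packit.dev ...`) and no wildcard name. Since the list is being touched anyway, reword it to match what is actually requested, or state that the wildcard entries only describe the namespaces the certificate is meant to cover. The unchanged context line below the list also has a typo: "bellow" should be "below".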
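Review bot: in the `docs/deployment/tls-certs.md` hunk at `@@ -52,11 +48,17 @@`, the added `:::note` ("Or use the combo of nixpkg + devenv.sh.") does not tell the reader what to run, and "nixpkg" looks like a typo for nixpkgs. Something like "Alternatively, enter the repository's devenv shell (`devenv shell`), which provides certbot." would make the step actionable and tie it to the `devenv.nix` change in 2/2. The `-d` list in the same hunk drops the stream and fedora-source-git names, so a sentence on cleaning up the DNS records for those retired names would also fit here, so that nothing keeps pointing at hosts that are no longer deployed.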
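Review bot: in the `devenv.nix` hunk at `@@ -6,6 +6,9 @@`, `pkgs.certbot` only arrives in 2/2, while the note added in 1/2 already tells readers to use devenv for certbot, so anyone checking out 1/2 alone gets documentation that does not match the environment. Consider swapping the order of the two patches or squashing them. The comment `# Needed for renewal of TLS certificates` could also point at `docs/deployment/tls-certs.md` so the reason for the dependency is discoverable from the Nix file, and the subject line "add certbot to for TLS renewals" has a stray "to".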