fixup! pki: add new vault root ca to pki

services/vault/default.nix

@@ -99,10 +99,11 @@ let
       # ACME certificate directory
       CERT_DIR="/var/lib/acme/vault01.home.2rjus.net"
 
-      # Issue certificate for vault01
+      # Issue certificate for vault01 with vault as SAN
-      echo "Issuing certificate for vault01.home.2rjus.net..."
+      echo "Issuing certificate for vault01.home.2rjus.net (with SAN: vault.home.2rjus.net)..."
       OUTPUT=$(bao write -format=json pki_int/issue/homelab \
         common_name="vault01.home.2rjus.net" \
+        alt_names="vault.home.2rjus.net" \
         ttl="720h")
 
       # Create ACME directory structure
@@ -140,6 +141,9 @@ let
       echo ""
       echo "Certificate details:"
       openssl x509 -in "$CERT_DIR/cert.pem" -noout -subject -issuer -dates
+      echo ""
+      echo "Subject Alternative Names:"
+      openssl x509 -in "$CERT_DIR/cert.pem" -noout -ext subjectAltName
 
       echo ""
       echo "Now restart openbao service:"
@@ -195,6 +199,6 @@ in
     server = "https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory";
     listenHTTP = ":80";
     reloadServices = [ "openbao" ];
-    # extraDomainNames = [ "vault.home.2rjus.net" ];
+    extraDomainNames = [ "vault.home.2rjus.net" ];
   };
 }