fixup! pki: add new vault root ca to pki

hosts/vaulttest01/configuration.nix

@@ -105,6 +105,24 @@
     };
   };
 
+  # Test ACME certificate issuance from OpenBao PKI
+  # Override the global ACME server to use OpenBao instead of step-ca
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      server = "https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory";
+      email = "root@home.2rjus.net";
+      dnsPropagationCheck = false;
+    };
+  };
+
+  # Request a certificate for this host
+  # Using HTTP-01 challenge with standalone listener on port 80
+  security.acme.certs."vaulttest01.home.2rjus.net" = {
+    listenHTTP = ":80";
+    enableDebugLogs = true;
+  };
+
   system.stateVersion = "25.11"; # Did you read the comment?
 }