tls: Add 'wildcard' subdirective to force wildcard certificate

Should only be used when many sites are defined in the Caddyfile, and
you would run up against Let's Encrypt rate limits without a wildcard.
This commit is contained in:
Matthew Holt 2018-03-17 11:29:19 -06:00
parent 3d01f46efa
commit 37c852c382
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5
2 changed files with 16 additions and 3 deletions


@ -100,8 +100,8 @@ func enableAutoHTTPS(configs []*SiteConfig, loadCertificates bool) error {
}
cfg.TLS.Enabled = true
cfg.Addr.Scheme = "https"
if loadCertificates && caddytls.HostQualifies(cfg.Addr.Host) {
_, err := cfg.TLS.CacheManagedCertificate(cfg.Addr.Host)
if loadCertificates && caddytls.HostQualifies(cfg.TLS.Hostname) {
_, err := cfg.TLS.CacheManagedCertificate(cfg.TLS.Hostname)
if err != nil {
return err
}
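Review bot: The qualification check on the new `if loadCertificates && caddytls.HostQualifies(cfg.TLS.Hostname)` line now runs against a hostname that the new `wildcard` subdirective may have rewritten to a `*.`-prefixed name, and if HostQualifies does not accept a leading wildcard label the site silently skips CacheManagedCertificate rather than reporting an error. HostQualifies is not visible from this hunk, so confirm it admits `*` as the first label, or make the skip explicit for wildcard names so a misconfigured site does not end up without a managed certificate. A one-line comment would help the next reader: `// Hostname may be a wildcard rewritten by the 'wildcard' subdirective; it must still qualify for managed TLS.` enableAutoHTTPS begins before and ends after this hunk.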


@ -207,8 +207,21 @@ func setupTLS(c *caddy.Controller) error {
}
case "must_staple":
config.MustStaple = true
case "wildcard":
if !HostQualifies(config.Hostname) {
return c.Errf("Hostname '%s' does not qualify for managed TLS, so cannot manage wildcard certificate for it", config.Hostname)
}
if strings.Contains(config.Hostname, "*") {
return c.Errf("Cannot convert domain name '%s' to a valid wildcard: already has a wildcard label", config.Hostname)
}
parts := strings.Split(config.Hostname, ".")
if len(parts) < 3 {
return c.Errf("Cannot convert domain name '%s' to a valid wildcard: too few labels", config.Hostname)
}
parts[0] = "*"
config.Hostname = strings.Join(parts, ".")
default:
return c.Errf("Unknown keyword '%s'", c.Val())
return c.Errf("Unknown subdirective '%s'", c.Val())
}
}
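Review bot: The label-count test `if len(parts) < 3` in the new `wildcard` case treats any three-label name as safe to generalize, so a host directly under a multi-label public suffix (constructed example: `example.co.uk`) becomes `*.co.uk`, a wildcard over a public suffix that a CA will refuse and that would be far too broad if it were issued. The hunk has no public-suffix knowledge, so at minimum document the limitation above the split: `// Only the leftmost label is replaced; a name directly under a multi-label public suffix yields an invalid wildcard.` The assignment `config.Hostname = strings.Join(parts, ".")` also rewrites the hostname for the whole site, so later subdirectives in the same block and the certificate name the site is served under all see the wildcard, and several sites under one parent presumably share a single managed certificate — worth a comment once confirmed that the certificate cache dedupes by name, since separate issuances of the same wildcard would defeat the rate-limit motivation in the description. setupTLS continues outside the hunk.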