Commit 37c852c3 authored by Matthew Holt's avatar Matthew Holt

tls: Add 'wildcard' subdirective to force wildcard certificate

Should only be used when many sites are defined in the Caddyfile, and
you would run up against Let's Encrypt rate limits without a wildcard.
parent 3d01f46e
...@@ -100,8 +100,8 @@ func enableAutoHTTPS(configs []*SiteConfig, loadCertificates bool) error { ...@@ -100,8 +100,8 @@ func enableAutoHTTPS(configs []*SiteConfig, loadCertificates bool) error {
} }
cfg.TLS.Enabled = true cfg.TLS.Enabled = true
cfg.Addr.Scheme = "https" cfg.Addr.Scheme = "https"
if loadCertificates && caddytls.HostQualifies(cfg.Addr.Host) { if loadCertificates && caddytls.HostQualifies(cfg.TLS.Hostname) {
_, err := cfg.TLS.CacheManagedCertificate(cfg.Addr.Host) _, err := cfg.TLS.CacheManagedCertificate(cfg.TLS.Hostname)
if err != nil { if err != nil {
return err return err
} }
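Review bot: The qualifying check and the cache key now use `cfg.TLS.Hostname` instead of `cfg.Addr.Host`, so whatever the `wildcard` subdirective rewrote into `Hostname` (e.g. `*.example.com`) is what is passed to `HostQualifies` and `CacheManagedCertificate`. If `HostQualifies` still treats a `*` label as disqualifying, a site configured with `wildcard` would silently skip certificate loading here and only fail at request time, so it is worth confirming that it accepts wildcard labels at this commit. A comment above the `if` would make the dependency explicit: `// TLS.Hostname may be a wildcard set by the 'wildcard' subdirective; HostQualifies must accept it`. The body of enableAutoHTTPS starts and continues outside the hunk.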
......
...@@ -207,8 +207,21 @@ func setupTLS(c *caddy.Controller) error { ...@@ -207,8 +207,21 @@ func setupTLS(c *caddy.Controller) error {
} }
case "must_staple": case "must_staple":
config.MustStaple = true config.MustStaple = true
case "wildcard":
if !HostQualifies(config.Hostname) {
return c.Errf("Hostname '%s' does not qualify for managed TLS, so cannot manage wildcard certificate for it", config.Hostname)
}
if strings.Contains(config.Hostname, "*") {
return c.Errf("Cannot convert domain name '%s' to a valid wildcard: already has a wildcard label", config.Hostname)
}
parts := strings.Split(config.Hostname, ".")
if len(parts) < 3 {
return c.Errf("Cannot convert domain name '%s' to a valid wildcard: too few labels", config.Hostname)
}
parts[0] = "*"
config.Hostname = strings.Join(parts, ".")
default: default:
return c.Errf("Unknown keyword '%s'", c.Val()) return c.Errf("Unknown subdirective '%s'", c.Val())
} }
} }
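Review bot: The `len(parts) < 3` guard only ensures three labels, so a hostname such as `foo.co.uk` or `app.example.co.uk`-style names under a multi-label public suffix are rewritten to `*.co.uk`, a wildcard over a public suffix that the CA should refuse and that would be dangerous if ever issued; consider rejecting names whose parent (the name after dropping the first label) is a public suffix, or at least naming that limitation in the error message. Separately, the rewrite silently widens what the site's private key attests to (`www.example.com` becomes `*.example.com`, covering every sibling subdomain), and a comment above `parts[0] = "*"` such as `// Widens the certificate to every first-level subdomain of the parent; the key now proves identity for all of them` would warn operators reading the config code. Wildcard issuance at Let's Encrypt also requires the DNS-01 challenge; if setupTLS does not verify a DNS provider is configured elsewhere, this branch should fail early rather than at issuance. The body of setupTLS continues outside the hunk.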
......