* [pmg-devel] [PATCH pmg-api] acme: allow wildcard domain entries
@ 2021-04-12 13:23 Stoiko Ivanov
2021-04-12 13:45 ` Thomas Lamprecht
0 siblings, 1 reply; 2+ messages in thread
From: Stoiko Ivanov @ 2021-04-12 13:23 UTC (permalink / raw)
To: pmg-devel
Reported in our community forum [0], support for wildcard certificates
via ACME sounds like a good enhancement (especially for PMG).
In order for this to work you need to configure both:
* the wild-card subentry (*.domain.example)
* the base entry (domain.example)
as ACME domains (and be able to verify both of them via DNS Plugin)
Quickly tested with a domain of mine (and the powerdns plugin)
[0]
https://forum.proxmox.com/threads/feature-request-add-wildcard-support-for-acme.87495/
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
src/PMG/CertHelpers.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PMG/CertHelpers.pm b/src/PMG/CertHelpers.pm
index 5122f71..b7e79b7 100644
--- a/src/PMG/CertHelpers.pm
+++ b/src/PMG/CertHelpers.pm
@@ -57,7 +57,7 @@ PVE::JSONSchema::register_format('pmg-acme-domain', sub {
my $label = qr/[a-z0-9][a-z0-9_-]*/i;
- return $domain if $domain =~ /^$label(?:\.$label)+$/;
+ return $domain if $domain =~ /^(?:\*\.)?$label(?:\.$label)+$/;
return undef if $noerr;
die "value '$domain' does not look like a valid domain name!\n";
});
--
2.20.1
^ permalink raw reply [flat|nested] 2+ messages in thread* Re: [pmg-devel] [PATCH pmg-api] acme: allow wildcard domain entries
2021-04-12 13:23 [pmg-devel] [PATCH pmg-api] acme: allow wildcard domain entries Stoiko Ivanov
@ 2021-04-12 13:45 ` Thomas Lamprecht
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Lamprecht @ 2021-04-12 13:45 UTC (permalink / raw)
To: Stoiko Ivanov, pmg-devel
On 12.04.21 15:23, Stoiko Ivanov wrote:
> Reported in our community forum [0], support for wildcard certificates
> via ACME sounds like a good enhancement (especially for PMG).
>
> In order for this to work you need to configure both:
> * the wild-card subentry (*.domain.example)
> * the base entry (domain.example)
why the base one though?
Any how, would def. warrant a patch to the docs, else this is a bit obscure.
> as ACME domains (and be able to verify both of them via DNS Plugin)
>
> Quickly tested with a domain of mine (and the powerdns plugin)
>
> [0]
> https://forum.proxmox.com/threads/feature-request-add-wildcard-support-for-acme.87495/
>
> Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
> ---
> src/PMG/CertHelpers.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/PMG/CertHelpers.pm b/src/PMG/CertHelpers.pm
> index 5122f71..b7e79b7 100644
> --- a/src/PMG/CertHelpers.pm
> +++ b/src/PMG/CertHelpers.pm
> @@ -57,7 +57,7 @@ PVE::JSONSchema::register_format('pmg-acme-domain', sub {
>
> my $label = qr/[a-z0-9][a-z0-9_-]*/i;
>
> - return $domain if $domain =~ /^$label(?:\.$label)+$/;
> + return $domain if $domain =~ /^(?:\*\.)?$label(?:\.$label)+$/;
> return undef if $noerr;
> die "value '$domain' does not look like a valid domain name!\n";
> });
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-04-12 13:45 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-12 13:23 [pmg-devel] [PATCH pmg-api] acme: allow wildcard domain entries Stoiko Ivanov
2021-04-12 13:45 ` Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal