From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <s.ivanov@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id 0477A725B9
for <pmg-devel@lists.proxmox.com>; Mon, 12 Apr 2021 21:28:49 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id CD01D22B5E
for <pmg-devel@lists.proxmox.com>; Mon, 12 Apr 2021 21:28:48 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
[212.186.127.180])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS id C9EA322B37
for <pmg-devel@lists.proxmox.com>; Mon, 12 Apr 2021 21:28:46 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 9300245A6D
for <pmg-devel@lists.proxmox.com>; Mon, 12 Apr 2021 21:28:46 +0200 (CEST)
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pmg-devel@lists.proxmox.com
Date: Mon, 12 Apr 2021 21:28:31 +0200
Message-Id: <20210412192833.21988-2-s.ivanov@proxmox.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210412192833.21988-1-s.ivanov@proxmox.com>
References: <20210412192833.21988-1-s.ivanov@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results: 0
AWL 0.059 Adjusted score from AWL reputation of From: address
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
RCVD_IN_DNSWL_MED -2.3 Sender listed at https://www.dnswl.org/,
medium trust
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
Subject: [pmg-devel] [PATCH pmg-api v2 1/1] acme: allow wildcard domain
entries
X-BeenThere: pmg-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox Mail Gateway development discussion
<pmg-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pmg-devel>,
<mailto:pmg-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pmg-devel/>
List-Post: <mailto:pmg-devel@lists.proxmox.com>
List-Help: <mailto:pmg-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pmg-devel>,
<mailto:pmg-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Mon, 12 Apr 2021 19:28:49 -0000
Reported in our community forum [0], support for wildcard certificates
via ACME sounds like a good enhancement (especially for PMG).
In order for this to work you need to configure both:
* the wild-card subentry (*.domain.example)
* the base entry (domain.example)
as ACME domains (and be able to verify both of them via DNS Plugin).
This is best described in the announcement by Let's Encrypt announcing
wildcard certificate support [1].
Quickly tested with a domain of mine (and the powerdns plugin)
[0]
https://forum.proxmox.com/threads/feature-request-add-wildcard-support-for-acme.87495/
[1]
https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
src/PMG/CertHelpers.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PMG/CertHelpers.pm b/src/PMG/CertHelpers.pm
index 5122f71..b7e79b7 100644
--- a/src/PMG/CertHelpers.pm
+++ b/src/PMG/CertHelpers.pm
@@ -57,7 +57,7 @@ PVE::JSONSchema::register_format('pmg-acme-domain', sub {
my $label = qr/[a-z0-9][a-z0-9_-]*/i;
- return $domain if $domain =~ /^$label(?:\.$label)+$/;
+ return $domain if $domain =~ /^(?:\*\.)?$label(?:\.$label)+$/;
return undef if $noerr;
die "value '$domain' does not look like a valid domain name!\n";
});
--
2.20.1