public inbox for pmg-devel@lists.proxmox.com
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH pmg-api v2 1/1] acme: allow wildcard domain entries
Date: Mon, 12 Apr 2021 21:28:31 +0200
Message-ID: <20210412192833.21988-2-s.ivanov@proxmox.com>
In-Reply-To: <20210412192833.21988-1-s.ivanov@proxmox.com>

Reported in our community forum [0], support for wildcard certificates
via ACME sounds like a good enhancement (especially for PMG).

In order for this to work you need to configure both:
* the wild-card subentry (*.domain.example)
* the base entry (domain.example)
as ACME domains (and be able to verify both of them via DNS Plugin).
This is best described in the announcement by Let's Encrypt announcing
wildcard certificate support [1].

Quickly tested with a domain of mine (and the powerdns plugin)

[0]
https://forum.proxmox.com/threads/feature-request-add-wildcard-support-for-acme.87495/
[1]
https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 src/PMG/CertHelpers.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PMG/CertHelpers.pm b/src/PMG/CertHelpers.pm
index 5122f71..b7e79b7 100644
--- a/src/PMG/CertHelpers.pm
+++ b/src/PMG/CertHelpers.pm
@@ -57,7 +57,7 @@ PVE::JSONSchema::register_format('pmg-acme-domain', sub {
 
     my $label = qr/[a-z0-9][a-z0-9_-]*/i;
 
-    return $domain if $domain =~ /^$label(?:\.$label)+$/;
+    return $domain if $domain =~ /^(?:\*\.)?$label(?:\.$label)+$/;
     return undef if $noerr;
     die "value '$domain' does not look like a valid domain name!\n";
 });
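Review bot: the changed `return $domain if ...` line now accepts a `*.` prefix for every value checked against the `pmg-acme-domain` format, but the commit message says a wildcard entry only works when it can be verified via a DNS plugin, and nothing in this hunk ties the two together. A wildcard entry configured without a DNS plugin would pass this format check and only be caught later, so consider rejecting that combination at the point where the domain's plugin setting is known. A short comment above the regex would also help, stating that the optional `*.` is for wildcard names and that the base entry has to be configured as a separate domain. Separately, the pattern is anchored with `^` and `$`, and in Perl `$` also matches before a trailing newline; ending the pattern with `\z` would make the check exact.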
-- 
2.20.1





Thread overview: 7+ messages
2021-04-12 19:28 [pmg-devel] [PATCH pmg-api/pmg-docs/proxmox-widget-toolkit v2 0/1] allow wildcard DNS-names for ACME Stoiko Ivanov
2021-04-12 19:28 ` Stoiko Ivanov [this message]
2021-04-15 13:18   ` [pmg-devel] applied: [PATCH pmg-api v2 1/1] acme: allow wildcard domain entries Thomas Lamprecht
2021-04-12 19:28 ` [pmg-devel] [PATCH v2 proxmox-widget-toolkit 1/1] acme: allow wildcards as domain Stoiko Ivanov
2021-04-12 19:28 ` [pmg-devel] [PATCH pmg-docs v2 1/1] certs: add wildcard certificate support Stoiko Ivanov
2021-04-13  5:07   ` Thomas Lamprecht
2021-04-13  4:55 ` [pmg-devel] [PATCH pmg-api/pmg-docs/proxmox-widget-toolkit v2 0/1] allow wildcard DNS-names for ACME Thomas Lamprecht
