From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pmg-devel@lists.proxmox.com
Subject: [pmg-devel] [PATCH pmg-api v2 1/1] acme: allow wildcard domain entries
Date: Mon, 12 Apr 2021 21:28:31 +0200
Message-ID: <20210412192833.21988-2-s.ivanov@proxmox.com>
In-Reply-To: <20210412192833.21988-1-s.ivanov@proxmox.com>
Reported in our community forum [0], support for wildcard certificates
via ACME sounds like a good enhancement (especially for PMG).
In order for this to work you need to configure both:
* the wild-card subentry (*.domain.example)
* the base entry (domain.example)
as ACME domains (and be able to verify both of them via DNS Plugin).
This is best described in the announcement by Let's Encrypt announcing
wildcard certificate support [1].
Quickly tested with a domain of mine (and the powerdns plugin)
[0] https://forum.proxmox.com/threads/feature-request-add-wildcard-support-for-acme.87495/
[1] https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
src/PMG/CertHelpers.pm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/PMG/CertHelpers.pm b/src/PMG/CertHelpers.pm
index 5122f71..b7e79b7 100644
--- a/src/PMG/CertHelpers.pm
+++ b/src/PMG/CertHelpers.pm
@@ -57,7 +57,7 @@ PVE::JSONSchema::register_format('pmg-acme-domain', sub {
my $label = qr/[a-z0-9][a-z0-9_-]*/i;
- return $domain if $domain =~ /^$label(?:\.$label)+$/;
+ return $domain if $domain =~ /^(?:\*\.)?$label(?:\.$label)+$/;
return undef if $noerr;
die "value '$domain' does not look like a valid domain name!\n";
});
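Review bot: the new optional `(?:\*\.)?` prefix makes every consumer of the 'pmg-acme-domain' format accept wildcard names, but nothing in this hunk ties a wildcard entry to a DNS plugin, which the commit message states is required. A format callback only sees the domain string, so that pairing has to be checked where the domain and its plugin are both known; otherwise a wildcard configured without a DNS plugin passes schema validation and only fails later during the ACME order. A short comment above the regex noting that the wildcard is accepted as the leftmost label only, and that it depends on DNS validation, would also help. Separately, the changed line keeps the `$` end anchor, which in Perl also matches just before a trailing newline, so a value such as "domain.example\n" is returned as valid; since the line is being touched anyway, `\z` would close that.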
--
2.20.1
Thread overview: 7+ messages
2021-04-12 19:28 [pmg-devel] [PATCH pmg-api/pmg-docs/proxmox-widget-toolkit v2 0/1] allow wildcard DNS-names for ACME Stoiko Ivanov
2021-04-12 19:28 ` Stoiko Ivanov [this message]
2021-04-15 13:18 ` [pmg-devel] applied: [PATCH pmg-api v2 1/1] acme: allow wildcard domain entries Thomas Lamprecht
2021-04-12 19:28 ` [pmg-devel] [PATCH v2 proxmox-widget-toolkit 1/1] acme: allow wildcards as domain Stoiko Ivanov
2021-04-12 19:28 ` [pmg-devel] [PATCH pmg-docs v2 1/1] certs: add wildcard certificate support Stoiko Ivanov
2021-04-13 5:07 ` Thomas Lamprecht
2021-04-13 4:55 ` [pmg-devel] [PATCH pmg-api/pmg-docs/proxmox-widget-toolkit v2 0/1] allow wildcard DNS-names for ACME Thomas Lamprecht