From: Stoiko Ivanov
To: pmg-devel@lists.proxmox.com
Date: Mon, 12 Apr 2021 21:28:31 +0200
Subject: [pmg-devel] [PATCH pmg-api v2 1/1] acme: allow wildcard domain entries
Message-Id: <20210412192833.21988-2-s.ivanov@proxmox.com>
In-Reply-To: <20210412192833.21988-1-s.ivanov@proxmox.com>
References: <20210412192833.21988-1-s.ivanov@proxmox.com>
List-Id: Proxmox Mail Gateway development discussion

Reported in our community forum [0], support for wildcard certificates
via ACME sounds like a good enhancement (especially for PMG).

In order for this to work you need to configure both:
* the wild-card subentry (*.domain.example)
* the base entry (domain.example)
as ACME domains (and be able to verify both of them via DNS Plugin).

This is best described in the announcement by Let's Encrypt announcing
wildcard certificate support [1].

Quickly tested with a domain of mine (and the powerdns plugin)

[0] https://forum.proxmox.com/threads/feature-request-add-wildcard-support-for-acme.87495/
[1] https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578

Signed-off-by: Stoiko Ivanov
--- src/PMG/CertHelpers.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/PMG/CertHelpers.pm b/src/PMG/CertHelpers.pm index 5122f71..b7e79b7 100644 --- a/src/PMG/CertHelpers.pm +++ b/src/PMG/CertHelpers.pm @@ -57,7 +57,7 @@ PVE::JSONSchema::register_format('pmg-acme-domain', sub { my $label = qr/[a-z0-9][a-z0-9_-]*/i; - return $domain if $domain =~ /^$label(?:\.$label)+$/; + return $domain if $domain =~ /^(?:\*\.)?$label(?:\.$label)+$/; return undef if $noerr; die "value '$domain' does not look like a valid domain name!\n"; }); -- 2.20.1
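Review bot: the widened regex in the `pmg-acme-domain` format (`/^(?:\*\.)?$label(?:\.$label)+$/`) correctly limits the wildcard to a single leading `*.` label, so `*.*.domain.example`, `sub.*.domain.example` and `*domain.example` are still rejected, but the format now accepts a wildcard entry independent of the challenge plugin assigned to it. An ACME server can only validate a wildcard name with a dns-01 challenge (the commit message itself says both entries must be verifiable "via DNS Plugin"), so a wildcard entry bound to an HTTP-01 (standalone) challenge now passes config validation and only fails later at order time; consider rejecting that combination where the plugin is assigned to the domain, or at least stating the dns-01 requirement in the format's description. Since `*.` is now part of the accepted syntax, the `die "value '$domain' does not look like a valid domain name!\n"` message could also mention that a single leading `*.` is allowed, so a user who typed `*domain.example` sees why it was refused.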