From: Stoiko Ivanov
To: pmg-devel@lists.proxmox.com
Date: Thu, 15 Apr 2021 21:46:17 +0200
Message-Id: <20210415194622.25632-1-s.ivanov@proxmox.com>
Subject: [pmg-devel] [PATCH pmg-api/pwt/pmg-docs v3]

v2->v3:
* incorporated Thomas' excellent feedback (especially that part of
  wildcard-certs without the base-domain being added actually working despite
  my theoretical guess that it would not :)
* added a check for wildcardcert needs DNS plugin during node-config parsing
  and writing

original cover-letter for v2:
v1->v2:
* read up on the requirements and inferred from [0], a few HOWTOs and the
  response from the LE staging directory that:
  ```
  Orders that contain both a base domain and its wildcard equivalent (...) are valid.
  ```
  means that only such orders are valid (hence the requirement for the base
  name in addition to the wildcard name)
* added a short stanza to pmg-docs describing the requirements
* added a patch for pwt to allow '*.' as prefix for domains in ACMEDomains

[0] https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578

pmg-api:
Stoiko Ivanov (3):
  acme: handle wildcard dns validation
  acme: check plugin for wildcard certificates
  nodeconfig: parse acme config before writing

 src/PMG/API2/Certificates.pm |  5 +++++
 src/PMG/NodeConfig.pm        | 14 +++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

proxmox-widget-toolkit:
Stoiko Ivanov (1):
  acme: allow wildcards as domain

 src/Toolkit.js            | 5 +++++
 src/Utils.js              | 1 +
 src/window/ACMEDomains.js | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)

pmg-docs:
Stoiko Ivanov (1):
  certs: add wildcard certificate support

 pmg-ssl-certificate.adoc | 12 ++++++++++++
 1 file changed, 12 insertions(+)

-- 
2.20.1