From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id E9B1475889 for ; Tue, 13 Jul 2021 10:04:39 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id DCB2D1D75C for ; Tue, 13 Jul 2021 10:04:09 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS id 198631D74E for ; Tue, 13 Jul 2021 10:04:09 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id DBF0040312 for ; Tue, 13 Jul 2021 10:04:08 +0200 (CEST) Message-ID: Date: Tue, 13 Jul 2021 10:03:46 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:90.0) Gecko/20100101 Thunderbird/90.0 Content-Language: en-US To: Stoiko Ivanov , pmg-devel@lists.proxmox.com References: <20210415194622.25632-1-s.ivanov@proxmox.com> From: Thomas Lamprecht In-Reply-To: <20210415194622.25632-1-s.ivanov@proxmox.com> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.454 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [certificates.pm, nodeconfig.pm, letsencrypt.org] Subject: [pmg-devel] applied-series: [PATCH pmg-api/pwt/pmg-docs v3] X-BeenThere: pmg-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Jul 2021 08:04:40 -0000 On 15.04.21 21:46, Stoiko Ivanov wrote: > v2->v3: > * incorporated Thomas' excellent feedback (especially that part of wildcard-certs > without the base-domain being added actually working despite my theoretical > guess that it would not :) > * added a check for wildcardcert needs DNS plugin during node-config parsing and writing > > original cover-letter for v2: > v1->v2: > * reaad up on the requirements and infered from [0], a few HOWTOs and the > response from the LE staging directory that: > ``` > Orders that contain both a base domain and its wildcard equivalent (...) are > valid. > ``` > means that only such orders are valid (hence the requirement for the base > name in addition to the wildcard name > * added a short stanza to pmg-docs describing the requirements > * added a patch for pwt to allow '*.' as prefix for domains in ACMEDomains > > > [0] https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578 > > pmg-api: > Stoiko Ivanov (3): > acme: handle wildcard dns validation > acme: check plugin for wildcard certificates > nodeconfig: parse acme config before writing > > src/PMG/API2/Certificates.pm | 5 +++++ > src/PMG/NodeConfig.pm | 14 +++++++++++++- > 2 files changed, 18 insertions(+), 1 deletion(-) > > promox-widget-toolkit: > Stoiko Ivanov (1): > acme: allow wildcards as domain > > src/Toolkit.js | 5 +++++ > src/Utils.js | 1 + > src/window/ACMEDomains.js | 2 +- > 3 files changed, 7 insertions(+), 1 deletion(-) > > pmg-docs: > Stoiko Ivanov (1): > certs: add wildcard certificate support > > pmg-ssl-certificate.adoc | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > applied series, thanks!