updates for wildcards
This commit is contained in:
parent
df0f870665
commit
03e2513919
18
lib/core.js
18
lib/core.js
|
|
@ -223,17 +223,28 @@ module.exports.create = function (gl) {
|
||||||
var challengeDefaults = gl['_challengeOpts_' + (args.challengeType || gl.challengeType)] || {};
|
var challengeDefaults = gl['_challengeOpts_' + (args.challengeType || gl.challengeType)] || {};
|
||||||
var copy = utils.merge(args, challengeDefaults || {});
|
var copy = utils.merge(args, challengeDefaults || {});
|
||||||
copy = utils.merge(copy, gl);
|
copy = utils.merge(copy, gl);
|
||||||
|
if (!copy.subject) { copy.subject = copy.domains[0]; }
|
||||||
|
if (!copy.domain) { copy.domain = copy.domains[0]; }
|
||||||
args = utils.tplCopy(copy);
|
args = utils.tplCopy(copy);
|
||||||
|
|
||||||
if (!Array.isArray(args.domains)) {
|
if (!Array.isArray(args.domains)) {
|
||||||
return PromiseA.reject(new Error('args.domains should be an array of domains'));
|
return PromiseA.reject(new Error('args.domains should be an array of domains'));
|
||||||
}
|
}
|
||||||
|
//if (-1 === args.domains.indexOf(args.subject)) // TODO relax the constraint once acme-v2 handles subject?
|
||||||
|
if (args.subject !== args.domains[0]) {
|
||||||
|
console.warn("The certificate's subject (primary domain) should be first in the list of opts.domains");
|
||||||
|
console.warn('\topts.subject: (set by you approveDomains(), falling back to opts.domain) ' + args.subject);
|
||||||
|
console.warn('\topts.domain: (set by SNICallback()) ' + args.domain);
|
||||||
|
console.warn('\topts.domains: (set by you in approveDomains()) ' + args.domains.join(','));
|
||||||
|
console.warn("Updating your code will prevent weird, random, hard-to-repro bugs during renewals");
|
||||||
|
console.warn("(also this will be required in the next major version of greenlock)");
|
||||||
|
//return PromiseA.reject(new Error('certificate subject (primary domain) must be the first in opts.domains'));
|
||||||
|
}
|
||||||
if (!(args.domains.length && args.domains.every(utils.isValidDomain))) {
|
if (!(args.domains.length && args.domains.every(utils.isValidDomain))) {
|
||||||
// NOTE: this library can't assume to handle the http loopback
|
// NOTE: this library can't assume to handle the http loopback
|
||||||
// (or dns-01 validation may be used)
|
// (or dns-01 validation may be used)
|
||||||
// so we do not check dns records or attempt a loopback here
|
// so we do not check dns records or attempt a loopback here
|
||||||
err = new Error("invalid domain name(s): '" + args.domains + "'");
|
err = new Error("invalid domain name(s): '(" + args.subject + ') ' + args.domains.join(',') + "'");
|
||||||
err.code = "INVALID_DOMAIN";
|
err.code = "INVALID_DOMAIN";
|
||||||
return PromiseA.reject(err);
|
return PromiseA.reject(err);
|
||||||
}
|
}
|
||||||
|
|
@ -326,6 +337,7 @@ module.exports.create = function (gl) {
|
||||||
|
|
||||||
, accountKeypair: RSA.import(account.keypair)
|
, accountKeypair: RSA.import(account.keypair)
|
||||||
, domainKeypair: domainKeypair
|
, domainKeypair: domainKeypair
|
||||||
|
, subject: args.subject // TODO handle this in acme-v2
|
||||||
, domains: args.domains
|
, domains: args.domains
|
||||||
, challengeType: args.challengeType
|
, challengeType: args.challengeType
|
||||||
};
|
};
|
||||||
|
|
@ -358,7 +370,7 @@ module.exports.create = function (gl) {
|
||||||
gl.challenges[args.challengeType].remove(copy, domain, key, done);
|
gl.challenges[args.challengeType].remove(copy, domain, key, done);
|
||||||
};
|
};
|
||||||
|
|
||||||
log(args.debug, 'calling greenlock.acme.getCertificateAsync', certReq.domains);
|
log(args.debug, 'calling greenlock.acme.getCertificateAsync', certReq.subject, certReq.domains);
|
||||||
|
|
||||||
// TODO acme-v2/nocompat
|
// TODO acme-v2/nocompat
|
||||||
return gl.acme.getCertificateAsync(certReq).then(utils.attachCertInfo);
|
return gl.acme.getCertificateAsync(certReq).then(utils.attachCertInfo);
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue