updates for wildcards

AJ ONeal 2019-04-01 23:11:56 -06:00
parent df0f870665
commit 03e2513919
1 changed files with 15 additions and 3 deletions


@ -223,17 +223,28 @@ module.exports.create = function (gl) {
var challengeDefaults = gl['_challengeOpts_' + (args.challengeType || gl.challengeType)] || {}; var challengeDefaults = gl['_challengeOpts_' + (args.challengeType || gl.challengeType)] || {};
var copy = utils.merge(args, challengeDefaults || {}); var copy = utils.merge(args, challengeDefaults || {});
copy = utils.merge(copy, gl); copy = utils.merge(copy, gl);
if (!copy.subject) { copy.subject = copy.domains[0]; }
if (!copy.domain) { copy.domain = copy.domains[0]; }
args = utils.tplCopy(copy); args = utils.tplCopy(copy);
if (!Array.isArray(args.domains)) { if (!Array.isArray(args.domains)) {
return PromiseA.reject(new Error('args.domains should be an array of domains')); return PromiseA.reject(new Error('args.domains should be an array of domains'));
} }
//if (-1 === args.domains.indexOf(args.subject)) // TODO relax the constraint once acme-v2 handles subject?
if (args.subject !== args.domains[0]) {
console.warn("The certificate's subject (primary domain) should be first in the list of opts.domains");
console.warn('\topts.subject: (set by you approveDomains(), falling back to opts.domain) ' + args.subject);
console.warn('\topts.domain: (set by SNICallback()) ' + args.domain);
console.warn('\topts.domains: (set by you in approveDomains()) ' + args.domains.join(','));
console.warn("Updating your code will prevent weird, random, hard-to-repro bugs during renewals");
console.warn("(also this will be required in the next major version of greenlock)");
//return PromiseA.reject(new Error('certificate subject (primary domain) must be the first in opts.domains'));
}
if (!(args.domains.length && args.domains.every(utils.isValidDomain))) { if (!(args.domains.length && args.domains.every(utils.isValidDomain))) {
// NOTE: this library can't assume to handle the http loopback // NOTE: this library can't assume to handle the http loopback
// (or dns-01 validation may be used) // (or dns-01 validation may be used)
// so we do not check dns records or attempt a loopback here // so we do not check dns records or attempt a loopback here
err = new Error("invalid domain name(s): '" + args.domains + "'"); err = new Error("invalid domain name(s): '(" + args.subject + ') ' + args.domains.join(',') + "'");
err.code = "INVALID_DOMAIN"; err.code = "INVALID_DOMAIN";
return PromiseA.reject(err); return PromiseA.reject(err);
} }
@ -326,6 +337,7 @@ module.exports.create = function (gl) {
, accountKeypair: RSA.import(account.keypair) , accountKeypair: RSA.import(account.keypair)
, domainKeypair: domainKeypair , domainKeypair: domainKeypair
, subject: args.subject // TODO handle this in acme-v2
, domains: args.domains , domains: args.domains
, challengeType: args.challengeType , challengeType: args.challengeType
}; };
@ -358,7 +370,7 @@ module.exports.create = function (gl) {
gl.challenges[args.challengeType].remove(copy, domain, key, done); gl.challenges[args.challengeType].remove(copy, domain, key, done);
}; };
log(args.debug, 'calling greenlock.acme.getCertificateAsync', certReq.domains); log(args.debug, 'calling greenlock.acme.getCertificateAsync', certReq.subject, certReq.domains);
// TODO acme-v2/nocompat // TODO acme-v2/nocompat
return gl.acme.getCertificateAsync(certReq).then(utils.attachCertInfo); return gl.acme.getCertificateAsync(certReq).then(utils.attachCertInfo);
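Review bot: `args.subject` is copied into `certReq` (the added `subject: args.subject` line in the second hunk) without being validated. The first hunk only warns when it differs from `args.domains[0]`, and the `utils.isValidDomain` check covers `args.domains` alone, so a subject set in approveDomains() that is malformed or not among the approved names still reaches `getCertificateAsync`. Consider turning the commented-out membership test into a hard failure, e.g. `if (-1 === args.domains.indexOf(args.subject)) { return PromiseA.reject(new Error('certificate subject must be one of opts.domains')); }`, which also puts the subject under the existing `isValidDomain` check. Separately, the new defaults `copy.subject = copy.domains[0]` and `copy.domain = copy.domains[0]` run before the `Array.isArray(args.domains)` guard, so if neither `args` nor `gl` supplies `domains` they would presumably raise a TypeError instead of reaching the explicit rejection; moving both lines below the guard avoids that. The enclosing function starts and ends outside the hunks shown.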