about summary refs log tree commit diff stats
path: root/internal/server/tls.go
diff options
context:
space:
mode:
authorAlan Pearce2024-10-23 15:45:02 +0200
committerAlan Pearce2024-10-23 15:45:02 +0200
commit51024675983d865c4635fa70184f827c6c543d02 (patch)
tree3b26caa315efe64d71e0183b0c5c5ef37f2f1a01 /internal/server/tls.go
parent885a0ed62daea18c444cc67033db1d21312a32c0 (diff)
downloadwebsite-51024675983d865c4635fa70184f827c6c543d02.tar.lz
website-51024675983d865c4635fa70184f827c6c543d02.tar.zst
website-51024675983d865c4635fa70184f827c6c543d02.zip
provision wildcard certificate correctly
Diffstat (limited to 'internal/server/tls.go')
-rw-r--r--internal/server/tls.go8
1 files changed, 7 insertions, 1 deletions
diff --git a/internal/server/tls.go b/internal/server/tls.go
index 4d52b8d..9f22a5e 100644
--- a/internal/server/tls.go
+++ b/internal/server/tls.go
@@ -5,6 +5,7 @@ import (
 	"crypto/x509"
 	"net"
 	"net/http"
+	"slices"
 	"strconv"
 
 	"go.alanpearce.eu/x/listenfd"
@@ -35,6 +36,9 @@ type acmeConfig struct {
 func (s *Server) serveTLS() (err error) {
 	log := s.log.Named("tls")
 
+	wildcardDomain := "*." + s.config.WildcardDomain
+	certificateDomains := slices.Clone(s.config.Domains)
+
 	// setting cfg.Logger is too late somehow
 	certmagic.Default.Logger = log.GetLogger().Named("certmagic")
 	cfg := certmagic.NewDefault()
@@ -96,6 +100,8 @@ func (s *Server) serveTLS() (err error) {
 			},
 		})
 
+		certificateDomains = append(slices.Clone(s.config.Domains), wildcardDomain)
+
 		log.Info("acme", "username", acme.Username, "subdomain", acme.Subdomain, "server_url", acme.ServerURL)
 
 		rs := certmagic_redis.New()
@@ -164,7 +170,7 @@ func (s *Server) serveTLS() (err error) {
 		"https_port",
 		s.runtimeConfig.TLSPort,
 	)
-	err = cfg.ManageAsync(context.TODO(), s.config.Domains)
+	err = cfg.ManageAsync(context.TODO(), certificateDomains)
 	if err != nil {
 		return errors.Wrap(err, "could not enable TLS")
 	}