tls: strip IPv6 brackets before enabling certmagic

author: Alan Pearce 2024-06-29 10:26:57 +0200
committer: Alan Pearce 2024-06-29 10:26:57 +0200
commit: 37895a7da8dfd3a2d419e62350595bd83cceb434 (patch)
tree: 232edf88a922316bbe5c1ffba87d42f99650e49a /internal/server
parent: 6e092d6456f870df0ae90f400e6848d748a93c4c (diff)
download: website-37895a7da8dfd3a2d419e62350595bd83cceb434.tar.lz
website-37895a7da8dfd3a2d419e62350595bd83cceb434.tar.zst
website-37895a7da8dfd3a2d419e62350595bd83cceb434.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/internal/server/tls.go b/internal/server/tls.go
index 565958f..848d97c 100644
--- a/internal/server/tls.go
+++ b/internal/server/tls.go
@@ -50,11 +50,16 @@ func (s *Server) serveTLS() (err error) {
 		// caddy's ACME server (step-ca) doesn't specify an OCSP server
 		cfg.OCSP.DisableStapling = true
 
+		listenAddress := s.runtimeConfig.ListenAddress
+		if listenAddress[0] == '[' {
+			listenAddress = listenAddress[1 : len(listenAddress)-1]
+		}
+
 		cfg.Issuers[0] = certmagic.NewACMEIssuer(cfg, certmagic.ACMEIssuer{
 			CA:                      s.runtimeConfig.ACMECA,
 			TrustedRoots:            cp,
 			DisableTLSALPNChallenge: true,
-			ListenHost:              s.runtimeConfig.ListenAddress,
+			ListenHost:              listenAddress,
 			AltHTTPPort:             s.runtimeConfig.Port,
 			AltTLSALPNPort:          s.runtimeConfig.TLSPort,
 		})
author	Alan Pearce	2024-06-29 10:26:57 +0200
committer	Alan Pearce	2024-06-29 10:26:57 +0200
commit	37895a7da8dfd3a2d419e62350595bd83cceb434 (patch)
tree	232edf88a922316bbe5c1ffba87d42f99650e49a /internal/server
parent	6e092d6456f870df0ae90f400e6848d748a93c4c (diff)
download	website-37895a7da8dfd3a2d419e62350595bd83cceb434.tar.lz website-37895a7da8dfd3a2d419e62350595bd83cceb434.tar.zst website-37895a7da8dfd3a2d419e62350595bd83cceb434.zip