From 51024675983d865c4635fa70184f827c6c543d02 Mon Sep 17 00:00:00 2001 From: Alan Pearce Date: Wed, 23 Oct 2024 15:45:02 +0200 Subject: provision wildcard certificate correctly --- internal/server/tls.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'internal') diff --git a/internal/server/tls.go b/internal/server/tls.go index 4d52b8d..9f22a5e 100644 --- a/internal/server/tls.go +++ b/internal/server/tls.go @@ -5,6 +5,7 @@ import ( "crypto/x509" "net" "net/http" + "slices" "strconv" "go.alanpearce.eu/x/listenfd" @@ -35,6 +36,9 @@ type acmeConfig struct { func (s *Server) serveTLS() (err error) { log := s.log.Named("tls") + wildcardDomain := "*." + s.config.WildcardDomain + certificateDomains := slices.Clone(s.config.Domains) + // setting cfg.Logger is too late somehow certmagic.Default.Logger = log.GetLogger().Named("certmagic") cfg := certmagic.NewDefault() @@ -96,6 +100,8 @@ func (s *Server) serveTLS() (err error) { }, }) + certificateDomains = append(slices.Clone(s.config.Domains), wildcardDomain) + log.Info("acme", "username", acme.Username, "subdomain", acme.Subdomain, "server_url", acme.ServerURL) rs := certmagic_redis.New() @@ -164,7 +170,7 @@ func (s *Server) serveTLS() (err error) { "https_port", s.runtimeConfig.TLSPort, ) - err = cfg.ManageAsync(context.TODO(), s.config.Domains) + err = cfg.ManageAsync(context.TODO(), certificateDomains) if err != nil { return errors.Wrap(err, "could not enable TLS") } -- cgit 1.4.1