Do not check for wildcard domains for non DNS challenge

Erikas 2023-05-16 17:00:06 +03:00 committed by GitHub
parent 511762cbf3
commit 021f37ff71
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 15 deletions


@ -922,15 +922,9 @@ func (p *Provider) sanitizeDomains(ctx context.Context, domain types.Domain) ([]
var cleanDomains []string var cleanDomains []string
for _, dom := range domains { for _, dom := range domains {
if strings.HasPrefix(dom, "*") {
if p.DNSChallenge == nil {
return nil, fmt.Errorf("unable to generate a wildcard certificate in ACME provider for domain %q : ACME needs a DNSChallenge", strings.Join(domains, ","))
}
if strings.HasPrefix(dom, "*.*") { if strings.HasPrefix(dom, "*.*") {
return nil, fmt.Errorf("unable to generate a wildcard certificate in ACME provider for domain %q : ACME does not allow '*.*' wildcard domain", strings.Join(domains, ",")) return nil, fmt.Errorf("unable to generate a wildcard certificate in ACME provider for domain %q : ACME does not allow '*.*' wildcard domain", strings.Join(domains, ","))
} }
}
canonicalDomain := types.CanonicalDomain(dom) canonicalDomain := types.CanonicalDomain(dom)
cleanDomain := dns01.UnFqdn(canonicalDomain) cleanDomain := dns01.UnFqdn(canonicalDomain)
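Review bot: The surviving `*.*` check in the sanitizeDomains loop carries no comment saying that single-label wildcards are now accepted when `p.DNSChallenge` is nil, so a later reader may assume the guard still exists or re-add it. I would put a comment above the remaining `if`, for example `// Wildcards are accepted for every challenge type; whether one can be issued is decided by the ACME server.` This presumably means that a wildcard such as `*.traefik.wtf` configured without a DNS challenge now fails only when the CA rejects the order, not during sanitizing, so check that the error is still clear to operators at that point. The test section deletes the "no DNSChallenge" case outright; turning it into a case with `dnsChallenge: nil` that expects the wildcard in `expectedDomains` would pin the new behaviour. The function body continues outside the hunk.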


@ -217,13 +217,6 @@ func TestProvider_sanitizeDomains(t *testing.T) {
expectedErr: "no domain was given", expectedErr: "no domain was given",
expectedDomains: nil, expectedDomains: nil,
}, },
{
desc: "no DNSChallenge",
domains: types.Domain{Main: "*.traefik.wtf", SANs: []string{"foo.traefik.wtf"}},
dnsChallenge: nil,
expectedErr: "unable to generate a wildcard certificate in ACME provider for domain \"*.traefik.wtf,foo.traefik.wtf\" : ACME needs a DNSChallenge",
expectedDomains: nil,
},
{ {
desc: "unauthorized wildcard with SAN", desc: "unauthorized wildcard with SAN",
domains: types.Domain{Main: "*.*.traefik.wtf", SANs: []string{"foo.traefik.wtf"}}, domains: types.Domain{Main: "*.*.traefik.wtf", SANs: []string{"foo.traefik.wtf"}},