baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions

acme: prevent some malformed errors.

Browse source
This commit is contained in:
Ludovic Fernandez 2018-10-11 10:50:03 +02:00 committed by Traefiker Bot
parent e8e9dd9400
commit 1b54f4d32a
3 changed files with 36 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
acme/acme.go
View file

@ -692,16 +692,25 @@ func searchUncheckedDomains(domains []string, certs map[string]*tls.Certificate)
} }
func (a *ACME) getDomainsCertificates(domains []string) (*Certificate, error) { func (a *ACME) getDomainsCertificates(domains []string) (*Certificate, error) {
domains = fun.Map(types.CanonicalDomain, domains).([]string) var cleanDomains []string
log.Debugf("Loading ACME certificates %s...", domains) for _, domain := range domains {
canonicalDomain := types.CanonicalDomain(domain)
cleanDomain := acme.UnFqdn(canonicalDomain)
if canonicalDomain != cleanDomain {
log.Warnf("FQDN detected, please remove the trailing dot: %s", canonicalDomain)
}
cleanDomains = append(cleanDomains, cleanDomain)
}
log.Debugf("Loading ACME certificates %s...", cleanDomains)
bundle := true bundle := true
certificate, err := a.client.ObtainCertificate(domains, bundle, nil, OSCPMustStaple) certificate, err := a.client.ObtainCertificate(cleanDomains, bundle, nil, OSCPMustStaple)
if err != nil { if err != nil {
return nil, fmt.Errorf("cannot obtain certificates: %+v", err) return nil, fmt.Errorf("cannot obtain certificates: %+v", err)
} }
log.Debugf("Loaded ACME certificates %s", domains) log.Debugf("Loaded ACME certificates %s", cleanDomains)
return &Certificate{ return &Certificate{
Domain: certificate.Domain, Domain: certificate.Domain,
CertURL: certificate.CertURL, CertURL: certificate.CertURL,

12
configuration/configuration.go
View file

@ -34,6 +34,7 @@ import (
"github.com/containous/traefik/tls" "github.com/containous/traefik/tls"
"github.com/containous/traefik/types" "github.com/containous/traefik/types"
"github.com/pkg/errors" "github.com/pkg/errors"
lego "github.com/xenolf/lego/acme"
) )
const ( const (
@ -402,6 +403,17 @@ func (gc *GlobalConfiguration) initACMEProvider() {
gc.ACME.HTTPChallenge = nil gc.ACME.HTTPChallenge = nil
} }
for _, domain := range gc.ACME.Domains {
if domain.Main != lego.UnFqdn(domain.Main) {
log.Warnf("FQDN detected, please remove the trailing dot: %s", domain.Main)
}
for _, san := range domain.SANs {
if san != lego.UnFqdn(san) {
log.Warnf("FQDN detected, please remove the trailing dot: %s", san)
}
}
}
// TODO: to remove in the future // TODO: to remove in the future
if len(gc.ACME.StorageFile) > 0 && len(gc.ACME.Storage) == 0 { if len(gc.ACME.StorageFile) > 0 && len(gc.ACME.Storage) == 0 {
log.Warn("ACME.StorageFile is deprecated, use ACME.Storage instead") log.Warn("ACME.StorageFile is deprecated, use ACME.Storage instead")

14
provider/acme/provider.go
View file

@ -12,7 +12,6 @@ import (
"sync" "sync"
"time" "time"
"github.com/BurntSushi/ty/fun"
"github.com/cenk/backoff" "github.com/cenk/backoff"
"github.com/containous/flaeg" "github.com/containous/flaeg"
"github.com/containous/traefik/log" "github.com/containous/traefik/log"
@ -762,8 +761,17 @@ func (p *Provider) getValidDomains(domain types.Domain, wildcardAllowed bool) ([
} }
} }
domains = fun.Map(types.CanonicalDomain, domains).([]string) var cleanDomains []string
return domains, nil for _, domain := range domains {
canonicalDomain := types.CanonicalDomain(domain)
cleanDomain := acme.UnFqdn(canonicalDomain)
if canonicalDomain != cleanDomain {
log.Warnf("FQDN detected, please remove the trailing dot: %s", canonicalDomain)
}
cleanDomains = append(cleanDomains, cleanDomain)
}
return cleanDomains, nil
} }
func isDomainAlreadyChecked(domainToCheck string, existentDomains []string) bool { func isDomainAlreadyChecked(domainToCheck string, existentDomains []string) bool {