From 1f2fe08c33c15342f0555c055b2bbec481a2a2e8 Mon Sep 17 00:00:00 2001
From: Wenxuan Zhao
Date: Fri, 3 May 2019 09:08:37 -0700
Subject: [PATCH] Allow SANs for wildcards domain.

---
 pkg/provider/acme/provider.go | 8 +-------
 pkg/provider/acme/provider_test.go | 6 +++---
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/pkg/provider/acme/provider.go b/pkg/provider/acme/provider.go
index 7c0e0fe12..a0284b56f 100644
--- a/pkg/provider/acme/provider.go
+++ b/pkg/provider/acme/provider.go
@@ -49,7 +49,7 @@ type Configuration struct {
 DNSChallenge *DNSChallenge `description:"Activate DNS-01 Challenge"`
 HTTPChallenge *HTTPChallenge `description:"Activate HTTP-01 Challenge"`
 TLSChallenge *TLSChallenge `description:"Activate TLS-ALPN-01 Challenge"`
- Domains []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. No SANs for wildcards domain. Wildcard domains only accepted with DNSChallenge"`
+ Domains []types.Domain `description:"CN and SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='*.main.net'. Wildcard domains only accepted with DNSChallenge"`
 }
 
 // Certificate is a struct which contains all data needed from an ACME certificate
@@ -720,12 +720,6 @@ func (p *Provider) getValidDomains(ctx context.Context, domain types.Domain, wil
 }
 }
 
- for _, san := range domain.SANs {
- if strings.HasPrefix(san, "*") {
- return nil, fmt.Errorf("unable to generate a certificate in ACME provider for domains %q: SAN %q can not be a wildcard domain", strings.Join(domains, ","), san)
- }
- }
-
 var cleanDomains []string
 for _, domain := range domains {
 canonicalDomain := types.CanonicalDomain(domain)
diff --git a/pkg/provider/acme/provider_test.go b/pkg/provider/acme/provider_test.go
index 193a2a819..2f2581fa6 100644
--- a/pkg/provider/acme/provider_test.go
+++ b/pkg/provider/acme/provider_test.go
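Review bot: With the SAN loop removed from getValidDomains, nothing visible in this hunk checks a wildcard SAN against `wildcardAllowed` or against the DNS-01 requirement that the `Domains` description in the first hunk still states ("Wildcard domains only accepted with DNSChallenge"). The checks that precede the hunk are not shown; if they only look at `domain.Main`, a configuration with a plain main domain and a `*.` SAN would pass validation under HTTP-01 or TLS-ALPN-01 and fail only at the CA, or would pass for a caller that passes `wildcardAllowed` as false. Rather than dropping the loop, consider keeping it with a narrower condition, e.g. `if strings.HasPrefix(san, "*") && (!wildcardAllowed || p.DNSChallenge == nil) {` (assuming the provider exposes the setting as `p.DNSChallenge`), and an error message to match. The function starts and ends outside the hunk, so this needs confirming against the full body.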
@@ -243,12 +243,12 @@ func TestGetValidDomain(t *testing.T) {
 expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"},
 },
 {
- desc: "unexpected SANs",
+ desc: "wildcard SANs",
 domains: types.Domain{Main: "*.traefik.wtf", SANs: []string{"*.acme.wtf"}},
 dnsChallenge: &DNSChallenge{},
 wildcardAllowed: true,
- expectedErr: "unable to generate a certificate in ACME provider for domains \"*.traefik.wtf,*.acme.wtf\": SAN \"*.acme.wtf\" can not be a wildcard domain",
- expectedDomains: nil,
+ expectedErr: "",
+ expectedDomains: []string{"*.traefik.wtf", "*.acme.wtf"},
 },
 }
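Review bot: The rewritten "wildcard SANs" case only exercises a wildcard SAN next to a wildcard main domain, with `dnsChallenge` set and `wildcardAllowed: true`, so the input the commit newly accepts is not tested where validation could be skipped. Add cases with a non-wildcard main and a wildcard SAN, e.g. `domains: types.Domain{Main: "traefik.wtf", SANs: []string{"*.acme.wtf"}}`, once with `dnsChallenge: nil` and once with `wildcardAllowed: false`, each expecting an error. The test table starts and ends outside the hunk, so equivalent cases may already exist out of view.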