tls: Add 'wildcard' subdirective to force wildcard certificate

Should only be used when many sites are defined in the Caddyfile, and you would run up against Let's Encrypt rate limits without a wildcard.

tls: Add 'wildcard' subdirective to force wildcard certificate
Should only be used when many sites are defined in the Caddyfile, and you would run up against Let's Encrypt rate limits without a wildcard.
37c852c3 · Matthew Holt · 3d01f46e · 37c852c3 · 37c852c3
Commit 37c852c3 authored Mar 17, 2018 by Matthew Holt
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 3 deletions

caddyhttp/httpserver/https.go caddyhttp/httpserver/https.go +2 -2

caddytls/setup.go caddytls/setup.go +14 -1

No files found.
--- a/caddyhttp/httpserver/https.go
+++ b/caddyhttp/httpserver/https.go
@@ -100,8 +100,8 @@ func enableAutoHTTPS(configs []*SiteConfig, loadCertificates bool) error {
 		}
 		cfg.TLS.Enabled = true
 		cfg.Addr.Scheme = "https"
-		if loadCertificates && caddytls.HostQualifies(cfg.Addr.Host) {
+		if loadCertificates && caddytls.HostQualifies(cfg.TLS.Hostname) {
-			_, err := cfg.TLS.CacheManagedCertificate(cfg.Addr.Host)
+			_, err := cfg.TLS.CacheManagedCertificate(cfg.TLS.Hostname)
 			if err != nil {
 				return err
 			}

--- a/caddytls/setup.go
+++ b/caddytls/setup.go
@@ -207,8 +207,21 @@ func setupTLS(c *caddy.Controller) error {
 				}
 			case "must_staple":
 				config.MustStaple = true
+			case "wildcard":
+				if !HostQualifies(config.Hostname) {
+					return c.Errf("Hostname '%s' does not qualify for managed TLS, so cannot manage wildcard certificate for it", config.Hostname)
+				}
+				if strings.Contains(config.Hostname, "*") {
+					return c.Errf("Cannot convert domain name '%s' to a valid wildcard: already has a wildcard label", config.Hostname)
+				}
+				parts := strings.Split(config.Hostname, ".")
+				if len(parts) < 3 {
+					return c.Errf("Cannot convert domain name '%s' to a valid wildcard: too few labels", config.Hostname)
+				}
+				parts[0] = "*"
+				config.Hostname = strings.Join(parts, ".")
 			default:
-				return c.Errf("Unknown keyword '%s'", c.Val())
+				return c.Errf("Unknown subdirective '%s'", c.Val())
 			}
 		}