caddyhttp: Refactor cert Managers (fix #5415) (#5533)

author: Matt Holt <mholt@users.noreply.github.com> 2023-05-15 10:47:30 -0600
committer: GitHub <noreply@github.com> 2023-05-15 10:47:30 -0600
commit: 96919acc9d583ef11ea1f9c72a9991fb3f8aab9f (patch)
tree: 40b6b48bfe159176495c7904190e8098ca24d1ac /caddyconfig
parent: e96aafe1ca04e30fc10992a77ae08d3a3f3c5f05 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 2021970..c63569e 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -218,6 +218,10 @@ func (st ServerType) buildTLSApp(
 			if len(ap.Issuers) == 0 {
 				var internal, external []string
 				for _, s := range ap.SubjectsRaw {
+					// do not create Issuers for Tailscale domains; they will be given a Manager instead
+					if strings.HasSuffix(strings.ToLower(s), ".ts.net") {
+						continue
+					}
 					if !certmagic.SubjectQualifiesForCert(s) {
 						return nil, warnings, fmt.Errorf("subject does not qualify for certificate: '%s'", s)
 					}
author	Matt Holt <mholt@users.noreply.github.com>	2023-05-15 10:47:30 -0600
committer	GitHub <noreply@github.com>	2023-05-15 10:47:30 -0600
commit	96919acc9d583ef11ea1f9c72a9991fb3f8aab9f (patch)
tree	40b6b48bfe159176495c7904190e8098ca24d1ac /caddyconfig
parent	e96aafe1ca04e30fc10992a77ae08d3a3f3c5f05 (diff)