diff options
author | Matthew Holt <mholt@users.noreply.github.com> | 2020-10-22 12:40:23 -0600 |
---|---|---|
committer | Matthew Holt <mholt@users.noreply.github.com> | 2020-10-22 12:40:23 -0600 |
commit | b6686a54d8b21bedbf042caa4a6c09d78d345fc7 (patch) | |
tree | dbd984913bfb5c0341b6e3899a9da332ad8a160b /modules/caddytls/distributedstek | |
parent | 97caf368eea8d2c33a7786fbe3471b83b5b294dc (diff) |
httpcaddyfile: Improve AP logic with OnDemand
We have users that have site blocks like *.*.tld with on-demand TLS
enabled. While *.*.tld does not qualify for a publicly-trusted cert due
to its wildcards, On-Demand TLS does not actually obtain a cert with
those wildcards, since it uses the actual hostname on the handshake.
This improves on that logic, but I am still not 100% satisfied with the
result since I think we need to also check if another site block is more
specific, like foo.example.tld, which might not have on-demand TLS
enabled, and make sure an automation policy gets created before the
more general policy with on-demand...
Diffstat (limited to 'modules/caddytls/distributedstek')
0 files changed, 0 insertions, 0 deletions