caddytls: Error if placeholder is empty in 'ask'

Fixes #5036
author: Matthew Holt <mholt@users.noreply.github.com> 2022-09-13 08:59:03 -0600
committer: Matthew Holt <mholt@users.noreply.github.com> 2022-09-13 08:59:03 -0600
commit: d35f618b10e9f530b068f42d1dcecb9e70b6ae0a (patch)
tree: 6ad217aba9881bafa5c08622d455a0289f9d5428 /modules/caddytls
parent: 9fe4f93bc7afd92f9e98749006aab7f0dd45562c (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index fc5f2ac..2e532ed 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -185,9 +185,12 @@ func (t *TLS) Provision(ctx caddy.Context) error {
 		onDemandRateLimiter.SetWindow(0)
 	}
 
-	// run replacer on ask URL (for environment variables)
+	// run replacer on ask URL (for environment variables) -- return errors to prevent surprises (#5036)
 	if t.Automation != nil && t.Automation.OnDemand != nil && t.Automation.OnDemand.Ask != "" {
-		t.Automation.OnDemand.Ask = repl.ReplaceAll(t.Automation.OnDemand.Ask, "")
+		t.Automation.OnDemand.Ask, err = repl.ReplaceOrErr(t.Automation.OnDemand.Ask, true, true)
+		if err != nil {
+			return fmt.Errorf("preparing 'ask' endpoint: %v", err)
+		}
 	}
 
 	// load manual/static (unmanaged) certificates - we do this in
author	Matthew Holt <mholt@users.noreply.github.com>	2022-09-13 08:59:03 -0600
committer	Matthew Holt <mholt@users.noreply.github.com>	2022-09-13 08:59:03 -0600
commit	d35f618b10e9f530b068f42d1dcecb9e70b6ae0a (patch)
tree	6ad217aba9881bafa5c08622d455a0289f9d5428 /modules/caddytls
parent	9fe4f93bc7afd92f9e98749006aab7f0dd45562c (diff)