http: Consider wildcards when evaluating automatic HTTPS

2 files changed, 6 insertions, 6 deletions

diff --git a/modules/caddyhttp/caddyhttp.go b/modules/caddyhttp/caddyhttp.go
index b6a8148..c044a9b 100644
--- a/modules/caddyhttp/caddyhttp.go
+++ b/modules/caddyhttp/caddyhttp.go
@@ -313,8 +313,8 @@ func (app *App) automaticHTTPS() error {
 					// don't obtain another one for it, unless we are
 					// supposed to ignore loaded certificates
 					if !srv.AutoHTTPS.IgnoreLoadedCerts &&
-						len(tlsApp.CertificatesWithSAN(d)) > 0 {
-						log.Printf("[INFO][%s] Skipping automatic certificate management because a certificate with that SAN is already loaded", d)
+						len(tlsApp.AllMatchingCertificates(d)) > 0 {
+						log.Printf("[INFO][%s] Skipping automatic certificate management because one or more matching certificates are already loaded", d)
 						continue
 					}
 					domainsForCerts = append(domainsForCerts, d)
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index bbcf61e..99d3a5f 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -200,10 +200,10 @@ func (t *TLS) getAutomationPolicyForName(name string) AutomationPolicy {
 	return AutomationPolicy{Management: new(ACMEManagerMaker)}
 }
 
-// CertificatesWithSAN returns the list of all certificates
-// in the cache the match the given SAN value.
-func (t *TLS) CertificatesWithSAN(san string) []certmagic.Certificate {
-	return t.certCache.CertificatesWithSAN(san)
+// CertificatesForSAN returns the list of all certificates in
+// the cache which could be used to satisfy the given SAN.
+func (t *TLS) AllMatchingCertificates(san string) []certmagic.Certificate {
+	return t.certCache.AllMatchingCertificates(san)
 }
 
 // CertificateLoader is a type that can load certificates.