diff options
Diffstat (limited to 'caddyconfig')
-rw-r--r-- | caddyconfig/httpcaddyfile/tlsapp.go | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go index 85f9e5a..1e32be0 100644 --- a/caddyconfig/httpcaddyfile/tlsapp.go +++ b/caddyconfig/httpcaddyfile/tlsapp.go @@ -54,7 +54,7 @@ func (st ServerType) buildTLSApp( // a hostless key, so that they don't get forgotten/omitted // by auto-HTTPS (since they won't appear in route matchers) var serverBlocksWithTLSHostlessKey int - hostsSharedWithHostlessKey := make(map[string]struct{}) + httpsHostsSharedWithHostlessKey := make(map[string]struct{}) for _, pair := range pairings { for _, sb := range pair.serverBlocks { for _, addr := range sb.keys { @@ -70,8 +70,8 @@ func (st ServerType) buildTLSApp( if otherAddr.Original == addr.Original { continue } - if otherAddr.Host != "" { - hostsSharedWithHostlessKey[otherAddr.Host] = struct{}{} + if otherAddr.Host != "" && otherAddr.Scheme != "http" && otherAddr.Port != httpPort { + httpsHostsSharedWithHostlessKey[otherAddr.Host] = struct{}{} } } break @@ -289,7 +289,7 @@ func (st ServerType) buildTLSApp( internalAP := &caddytls.AutomationPolicy{ IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)}, } - for h := range hostsSharedWithHostlessKey { + for h := range httpsHostsSharedWithHostlessKey { al = append(al, h) if !certmagic.SubjectQualifiesForPublicCert(h) { internalAP.Subjects = append(internalAP.Subjects, h) |