diff options
Diffstat (limited to 'modules/caddytls/tls.go')
-rw-r--r-- | modules/caddytls/tls.go | 20 |
1 files changed, 11 insertions, 9 deletions
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go index 12d25ad..146eed4 100644 --- a/modules/caddytls/tls.go +++ b/modules/caddytls/tls.go @@ -137,7 +137,7 @@ func (t *TLS) Provision(ctx caddy.Context) error { continue } t.Automation.defaultInternalAutomationPolicy = &AutomationPolicy{ - IssuerRaw: json.RawMessage(`{"module":"internal"}`), + IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)}, } err = t.Automation.defaultInternalAutomationPolicy.Provision(t) if err != nil { @@ -303,20 +303,22 @@ func (t *TLS) Manage(names []string) error { // HandleHTTPChallenge ensures that the HTTP challenge is handled for the // certificate named by r.Host, if it is an HTTP challenge request. It -// requires that the automation policy for r.Host has an issue of type -// *certmagic.ACMEManager. +// requires that the automation policy for r.Host has an issuer of type +// *certmagic.ACMEManager, or one that is ACME-enabled (GetACMEIssuer()). func (t *TLS) HandleHTTPChallenge(w http.ResponseWriter, r *http.Request) bool { if !certmagic.LooksLikeHTTPChallenge(r) { return false } + // try all the issuers until we find the one that initiated the challenge ap := t.getAutomationPolicyForName(r.Host) - if ap.magic.Issuer == nil { - return false - } type acmeCapable interface{ GetACMEIssuer() *ACMEIssuer } - if am, ok := ap.magic.Issuer.(acmeCapable); ok { - iss := am.GetACMEIssuer() - return certmagic.NewACMEManager(iss.magic, iss.template).HandleHTTPChallenge(w, r) + for _, iss := range ap.magic.Issuers { + if am, ok := iss.(acmeCapable); ok { + iss := am.GetACMEIssuer() + if certmagic.NewACMEManager(iss.magic, iss.template).HandleHTTPChallenge(w, r) { + return true + } + } } return false } |