From 95af4262a8adf12e0c5eb178d9e521903eb8b0e4 Mon Sep 17 00:00:00 2001
From: Matthew Holt
Date: Thu, 12 Nov 2020 15:02:35 -0700
Subject: caddytls: Support ACME alt cert chain preferences

---
 modules/caddytls/acmeissuer.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'modules/caddytls')

diff --git a/modules/caddytls/acmeissuer.go b/modules/caddytls/acmeissuer.go
index b73b34f..6466229 100644
--- a/modules/caddytls/acmeissuer.go
+++ b/modules/caddytls/acmeissuer.go
@@ -74,6 +74,11 @@ type ACMEIssuer struct {
 // is internal or for development/testing purposes.
 TrustedRootsPEMFiles []string `json:"trusted_roots_pem_files,omitempty"`

+ // List of preferred certificate chains, by issuer's CommonName. If empty,
+ // or if no matching chain is found, the first chain offered by the server
+ // will be used.
+ PreferredChains []string `json:"preferred_chains,omitempty"`
+
 rootPool *x509.CertPool
 template certmagic.ACMEManager
 magic *certmagic.Config
@@ -149,6 +154,7 @@ func (iss *ACMEIssuer) makeIssuerTemplate() (certmagic.ACMEManager, error) {
 CertObtainTimeout: time.Duration(iss.ACMETimeout),
 TrustedRoots: iss.rootPool,
 ExternalAccount: iss.ExternalAccount,
+ PreferredChains: iss.PreferredChains,
 Logger: iss.logger,
 }

-- 
cgit v1.2.3
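Review bot: The doc comment on `PreferredChains` leaves out what an operator needs to rely on the option: whether the entries are tried in order, whether the CommonName comparison is exact and case-sensitive, and that the setting only selects among chains the ACME server offers rather than pinning a root. Because the documented result of no match is a quiet fall back to the first chain, a misspelled issuer name looks the same as a working configuration. I would extend the comment with `// Entries are tried in order (confirm against certmagic). This is a selection hint only: it does not restrict which roots are trusted, and a name that matches nothing falls back to the default chain without an error.` The ACMEIssuer struct starts and ends outside the hunk.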
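Review bot: `iss.PreferredChains` is passed to certmagic exactly as configured in the second hunk, so an empty or whitespace-padded entry is not caught on the Caddy side and, per the field's own comment, ends in the default chain with no signal. makeIssuerTemplate already returns an error, so a check ahead of the struct literal such as `if strings.TrimSpace(name) == "" { return certmagic.ACMEManager{}, fmt.Errorf("preferred_chains: empty entry") }` in a loop over the list (assuming `strings` and `fmt` are in scope in this file) would turn that into a load-time failure. Recording the configured preferences once through `iss.logger` would also help when auditing which chain a host ended up serving. The function body starts and ends outside the hunk, so any existing validation there is not visible.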