From d35f618b10e9f530b068f42d1dcecb9e70b6ae0a Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Tue, 13 Sep 2022 08:59:03 -0600
Subject: caddytls: Error if placeholder is empty in 'ask'

Fixes #5036
---
 modules/caddytls/tls.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'modules/caddytls')

diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index fc5f2ac..2e532ed 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -185,9 +185,12 @@ func (t *TLS) Provision(ctx caddy.Context) error {
 		onDemandRateLimiter.SetWindow(0)
 	}
 
-	// run replacer on ask URL (for environment variables)
+	// run replacer on ask URL (for environment variables) -- return errors to prevent surprises (#5036)
 	if t.Automation != nil && t.Automation.OnDemand != nil && t.Automation.OnDemand.Ask != "" {
-		t.Automation.OnDemand.Ask = repl.ReplaceAll(t.Automation.OnDemand.Ask, "")
+		t.Automation.OnDemand.Ask, err = repl.ReplaceOrErr(t.Automation.OnDemand.Ask, true, true)
+		if err != nil {
+			return fmt.Errorf("preparing 'ask' endpoint: %v", err)
+		}
 	}
 
 	// load manual/static (unmanaged) certificates - we do this in
-- 
cgit v1.2.3