[pmg-devel] [PATCH pmg-api] acme: allow wildcard domain entries

Stoiko Ivanov s.ivanov at proxmox.com
Mon Apr 12 15:23:59 CEST 2021


Reported in our community forum [0], support for wildcard certificates
via ACME sounds like a good enhancement (especially for PMG).

In order for this to work you need to configure both:
* the wild-card subentry (*.domain.example)
* the base entry (domain.example)
as ACME domains (and be able to verify both of them via DNS Plugin)

Quickly tested with a domain of mine (and the powerdns plugin)

[0]
https://forum.proxmox.com/threads/feature-request-add-wildcard-support-for-acme.87495/

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 src/PMG/CertHelpers.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PMG/CertHelpers.pm b/src/PMG/CertHelpers.pm
index 5122f71..b7e79b7 100644
--- a/src/PMG/CertHelpers.pm
+++ b/src/PMG/CertHelpers.pm
@@ -57,7 +57,7 @@ PVE::JSONSchema::register_format('pmg-acme-domain', sub {
 
     my $label = qr/[a-z0-9][a-z0-9_-]*/i;
 
-    return $domain if $domain =~ /^$label(?:\.$label)+$/;
+    return $domain if $domain =~ /^(?:\*\.)?$label(?:\.$label)+$/;
     return undef if $noerr;
     die "value '$domain' does not look like a valid domain name!\n";
 });
-- 
2.20.1





More information about the pmg-devel mailing list