[pmg-devel] [PATCH pmg-api v2 1/1] acme: allow wildcard domain entries

Stoiko Ivanov s.ivanov at proxmox.com
Mon Apr 12 21:28:31 CEST 2021


Reported in our community forum [0], support for wildcard certificates
via ACME sounds like a good enhancement (especially for PMG).

In order for this to work you need to configure both:
* the wild-card subentry (*.domain.example)
* the base entry (domain.example)
as ACME domains (and be able to verify both of them via DNS Plugin).
This is best described in the announcement by Let's Encrypt announcing
wildcard certificate support [1].

Quickly tested with a domain of mine (and the powerdns plugin).

[0]
https://forum.proxmox.com/threads/feature-request-add-wildcard-support-for-acme.87495/
[1]
https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 src/PMG/CertHelpers.pm | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/PMG/CertHelpers.pm b/src/PMG/CertHelpers.pm
index 5122f71..b7e79b7 100644
--- a/src/PMG/CertHelpers.pm
+++ b/src/PMG/CertHelpers.pm
@@ -57,7 +57,7 @@ PVE::JSONSchema::register_format('pmg-acme-domain', sub {
 
     my $label = qr/[a-z0-9][a-z0-9_-]*/i;
 
-    return $domain if $domain =~ /^$label(?:\.$label)+$/;
+    return $domain if $domain =~ /^(?:\*\.)?$label(?:\.$label)+$/;
     return undef if $noerr;
     die "value '$domain' does not look like a valid domain name!\n";
 });
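
Review bot: on the changed `return $domain if ...` line, the format now accepts a leading `*.` for every value checked as 'pmg-acme-domain', but nothing in this hunk ties a wildcard entry to DNS validation, which the commit message says is required for both the wildcard and the base entry. A wildcard entry configured without a DNS plugin would pass this schema check and only fail later when the certificate is ordered. Consider rejecting that combination at the point where the domain and its plugin are both known, or at least state the DNS requirement in the option description. Two smaller points on the same line: the trailing `$` also matches before a final newline, so a value ending in "\n" is returned as valid, and `\z` would close that; and a short comment saying that the wildcard is only accepted as the leftmost label and must be followed by at least two labels would document why `*.example` is rejected.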
-- 
2.20.1




