From 03e251391989ed2f9c56e790ddd1da6cce560cf4 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Mon, 1 Apr 2019 23:11:56 -0600
Subject: [PATCH] updates for wildcards
---
lib/core.js | 18 +++++++++++++++---
1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/lib/core.js b/lib/core.js
index beb81ce..fb0cbe7 100644
--- a/lib/core.js
+++ b/lib/core.js
@@ -223,17 +223,28 @@ module.exports.create = function (gl) { var challengeDefaults = gl['_challengeOpts_' + (args.challengeType || gl.challengeType)] || {}; var copy = utils.merge(args, challengeDefaults || {}); copy = utils.merge(copy, gl); + if (!copy.subject) { copy.subject = copy.domains[0]; } + if (!copy.domain) { copy.domain = copy.domains[0]; } args = utils.tplCopy(copy); if (!Array.isArray(args.domains)) { return PromiseA.reject(new Error('args.domains should be an array of domains')); } - + //if (-1 === args.domains.indexOf(args.subject)) // TODO relax the constraint once acme-v2 handles subject? + if (args.subject !== args.domains[0]) { + console.warn("The certificate's subject (primary domain) should be first in the list of opts.domains"); + console.warn('\topts.subject: (set by you approveDomains(), falling back to opts.domain) ' + args.subject); + console.warn('\topts.domain: (set by SNICallback()) ' + args.domain); + console.warn('\topts.domains: (set by you in approveDomains()) ' + args.domains.join(',')); + console.warn("Updating your code will prevent weird, random, hard-to-repro bugs during renewals"); + console.warn("(also this will be required in the next major version of greenlock)"); + //return PromiseA.reject(new Error('certificate subject (primary domain) must be the first in opts.domains')); + } if (!(args.domains.length && args.domains.every(utils.isValidDomain))) { // NOTE: this library can't assume to handle the http loopback // (or dns-01 validation may be used) // so we do not check dns records or attempt a loopback here - err = new Error("invalid domain name(s): '" + args.domains + "'"); + err = new Error("invalid domain name(s): '(" + args.subject + ') ' + args.domains.join(',') + "'"); err.code = "INVALID_DOMAIN"; return PromiseA.reject(err); } 
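Review bot: The two added fallbacks read `copy.domains[0]` before the existing `Array.isArray(args.domains)` guard runs, so a caller that omits `domains` gets a synchronous TypeError instead of the rejected promise, and a string value silently yields its first character as the subject. Guard the fallbacks, e.g. `if (!copy.subject && Array.isArray(copy.domains)) { copy.subject = copy.domains[0]; }`, and likewise for `copy.domain`. The second warning line also says the subject falls back to `opts.domain`, while the code falls back to `domains[0]`; the message should match the behaviour. The enclosing function starts and ends outside this hunk, so whether an outer promise chain would catch the throw cannot be seen here.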
@@ -326,6 +337,7 @@ module.exports.create = function (gl) { , accountKeypair: RSA.import(account.keypair) , domainKeypair: domainKeypair + , subject: args.subject // TODO handle this in acme-v2 , domains: args.domains , challengeType: args.challengeType }; @@ -358,7 +370,7 @@ module.exports.create = function (gl) { gl.challenges[args.challengeType].remove(copy, domain, key, done); }; - log(args.debug, 'calling greenlock.acme.getCertificateAsync', certReq.domains); + log(args.debug, 'calling greenlock.acme.getCertificateAsync', certReq.subject, certReq.domains); // TODO acme-v2/nocompat return gl.acme.getCertificateAsync(certReq).then(utils.attachCertInfo);
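Review bot: `subject: args.subject` is placed on the certificate request without ever passing `utils.isValidDomain` or being required to appear in `args.domains`. The earlier hunk validates only `args.domains` and merely warns when the subject differs from `domains[0]`. Since the subject is supplied by the caller's `approveDomains()`, I would validate it alongside the list, e.g. `args.domains.every(utils.isValidDomain) && utils.isValidDomain(args.subject)`, and reject when `-1 === args.domains.indexOf(args.subject)` rather than leaving that check commented out. The `TODO handle this in acme-v2` comment suggests the field may not be consumed yet, so this matters most once acme-v2 starts honouring it. The object literal begins outside this hunk.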