From: Lukas Schauer Date: Fri, 2 Mar 2018 17:52:16 +0000 (+0100) Subject: require a valid alias to be set for certain wildcard certificates (fixes #483) X-Git-Tag: v0.6.0~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0211d24577b4ddbdb60404ebcc434623e2d51b5f;p=thirdparty%2Fdehydrated.git require a valid alias to be set for certain wildcard certificates (fixes #483) --- diff --git a/dehydrated b/dehydrated index 880190d..362c426 100755 --- a/dehydrated +++ b/dehydrated @@ -1152,6 +1152,16 @@ command_sign_domains() { [ ${aliascount} -lt 1 ] && alias="${domain}" || alias="${alias#>}" export alias + if [[ -z "${morenames}" ]];then + echo "Processing ${domain}" + else + echo "Processing ${domain} with alternative names: ${morenames}" + fi + + if [ "${alias:0:2}" = "*." ]; then + _exiterr "Please define a valid alias for your ${domain} wildcard-certificate. See domains.txt-documentation for more details." + fi + local certdir="${CERTDIR}/${alias}" cert="${certdir}/cert.pem" chain="${certdir}/chain.pem" @@ -1160,12 +1170,6 @@ command_sign_domains() { timestamp="$(date +%s)" - if [[ -z "${morenames}" ]];then - echo "Processing ${domain}" - else - echo "Processing ${domain} with alternative names: ${morenames}" - fi - # If there is no existing certificate directory => make it if [[ ! -e "${certdir}" ]]; then echo " + Creating new directory ${certdir} ..." diff --git a/docs/domains_txt.md b/docs/domains_txt.md index 26183e7..db65d93 100644 --- a/docs/domains_txt.md +++ b/docs/domains_txt.md @@ -17,3 +17,6 @@ You can define an alias for your certificate which will (instead of the primary used as directory name under your certdir and for a per-certificate lookup. This allows multiple certificates with identical sets of domains but different configuration to exist. + +Certificates with a wildcard domain as first (or only) name require an alias to be set. +Aliases can't start with `*.`.
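Review bot: The added guard in the first `dehydrated` hunk inspects only the first two characters of `${alias}`, yet the value is used immediately afterwards as a path component in `local certdir="${CERTDIR}/${alias}"`. An alias that contains `/` or a later `*`, or that is exactly `..`, therefore still reaches the directory-creation code. domains.txt is presumably operator-edited, so this is hardening rather than a fix for an exposed hole, but a typo there could place certificate files outside `${CERTDIR}`. I would follow the new `if` with `case "${alias}" in *[/*]*|.|..) _exiterr "Invalid alias '${alias}' for ${domain}." ;; esac`, unless nested certificate directories are an intended use. The rest of `command_sign_domains` lies outside the hunk, so validation may exist elsewhere that is not visible here.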