require a valid alias to be set for certain wildcard certificates (fixes #483)

diff --git a/dehydrated b/dehydrated
index 880190dbbdbe7be4d77fc59452aef5d822b1ed83..362c4265c4960a8571ab8bb3e45e44a83dbaf9fb 100755 (executable)
--- a/dehydrated
+++ b/dehydrated
@@ -1152,6 +1152,16 @@ command_sign_domains() {
     [ ${aliascount} -lt 1 ] && alias="${domain}" || alias="${alias#>}"
     export alias
 
+    if [[ -z "${morenames}" ]];then
+      echo "Processing ${domain}"
+    else
+      echo "Processing ${domain} with alternative names: ${morenames}"
+    fi
+
+    if [ "${alias:0:2}" = "*." ]; then
+      _exiterr "Please define a valid alias for your ${domain} wildcard-certificate. See domains.txt-documentation for more details."
+    fi
+
     local certdir="${CERTDIR}/${alias}"
     cert="${certdir}/cert.pem"
     chain="${certdir}/chain.pem"
@@ -1160,12 +1170,6 @@ command_sign_domains() {
 
     timestamp="$(date +%s)"
 
-    if [[ -z "${morenames}" ]];then
-      echo "Processing ${domain}"
-    else
-      echo "Processing ${domain} with alternative names: ${morenames}"
-    fi
-
     # If there is no existing certificate directory => make it
     if [[ ! -e "${certdir}" ]]; then
       echo " + Creating new directory ${certdir} ..."

diff --git a/docs/domains_txt.md b/docs/domains_txt.md
index 26183e7df30c2dd4d2ba75e065d4f594a86a71ec..db65d932afce38e3b3e4b6f9c1be894f20518b85 100644 (file)
--- a/docs/domains_txt.md
+++ b/docs/domains_txt.md
@@ -17,3 +17,6 @@ You can define an alias for your certificate which will (instead of the primary
 used as directory name under your certdir and for a per-certificate lookup.
 This allows multiple certificates with identical sets of domains but different configuration
 to exist.
+
+Certificates with a wildcard domain as first (or only) name require an alias to be set.
+Aliases can't start with `*.`.