Reported in our community forum [0], support for wildcard certificates
via ACME sounds like a good enhancement (especially for PMG).
In order for this to work you need to configure the wild-card
sub-entry (*.domain.example) as ACME domains and be able to verify
that via a DNS Plugin.
This is best described in the announcement by Let's Encrypt announcing
wildcard certificate support [1], or the dns challenge type
documentation[2].
Quickly tested with a domain of mine (and the powerdns plugin)
[0]: https://forum.proxmox.com/threads/feature-request-add-wildcard-support-for-acme.87495/
[1]: https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578
[2]: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
my $label = qr/[a-z0-9][a-z0-9_-]*/i;
- return $domain if $domain =~ /^$label(?:\.$label)+$/;
+ return $domain if $domain =~ /^(?:\*\.)?$label(?:\.$label)+$/;
return undef if $noerr;
die "value '$domain' does not look like a valid domain name!\n";
});