acme: allow wildcard domain entries

Reported in our community forum [0], support for wildcard certificates
via ACME sounds like a good enhancement (especially for PMG).

In order for this to work you need to configure the wild-card
sub-entry (*.domain.example) as ACME domains and be able to verify
that via a DNS Plugin.
This is best described in the announcement by Let's Encrypt announcing
wildcard certificate support [1], or the dns challenge type
documentation[2].

Quickly tested with a domain of mine (and the powerdns plugin)

[0]: https://forum.proxmox.com/threads/feature-request-add-wildcard-support-for-acme.87495/
[1]: https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578
[2]: https://letsencrypt.org/docs/challenge-types/#dns-01-challenge

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

diff --git a/src/PMG/CertHelpers.pm b/src/PMG/CertHelpers.pm
index 5122f71b9ee54a3a39b9e9fe15f9142349aa9f10..b7e79b704ea3565dd8e67156f658c37ab9f95256 100644 (file)
--- a/src/PMG/CertHelpers.pm
+++ b/src/PMG/CertHelpers.pm
@@ -57,7 +57,7 @@ PVE::JSONSchema::register_format('pmg-acme-domain', sub {
 
     my $label = qr/[a-z0-9][a-z0-9_-]*/i;
 
-    return $domain if $domain =~ /^$label(?:\.$label)+$/;
+    return $domain if $domain =~ /^(?:\*\.)?$label(?:\.$label)+$/;
     return undef if $noerr;
     die "value '$domain' does not look like a valid domain name!\n";
 });