acme: check plugin for wildcard certificates

Let's Encrypt currently only issues wildcard certificates if the
domain ownership is validated via a dns-01 type plugin.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

diff --git a/src/PMG/NodeConfig.pm b/src/PMG/NodeConfig.pm
index 5f96e62307be84cf3eda0a57544840e8d867c93e..029b9030d796239538c1f546c07fdd6c88a1ae85 100644 (file)
--- a/src/PMG/NodeConfig.pm
+++ b/src/PMG/NodeConfig.pm
@@ -209,9 +209,9 @@ sub get_acme_conf {
        }
        $parsed->{plugin} //= 'standalone';
 
+       my $plugins = PMG::API2::ACMEPlugin::load_config();
        my $plugin_id = $parsed->{plugin};
        if ($plugin_id ne 'standalone') {
-           my $plugins = PMG::API2::ACMEPlugin::load_config();
            die "plugin '$plugin_id' for domain '$domain' not found!\n"
                if !$plugins->{ids}->{$plugin_id};
        }
@@ -220,6 +220,9 @@ sub get_acme_conf {
        # wildcard - see https://tools.ietf.org/html/rfc8555#section-7.1.3
        if ($domain =~ /^\*\.(.*)$/ ) {
            $res->{validationtarget}->{$1} = $domain;
+           die "wildcard domain validation for '$domain' needs a dns-01 plugin.\n"
+               if $plugins->{ids}->{$plugin_id}->{type} ne 'dns';
+
        }
 
        $parsed->{_configkey} = "acmedomain$index";