From: Stoiko Ivanov <s.ivanov@proxmox.com>
Date: Thu, 15 Apr 2021 19:46:19 +0000 (+0200)
Subject: acme: check plugin for wildcard certificates
X-Git-Url: https://git.proxmox.com/?p=pmg-api.git;a=commitdiff_plain;h=a90140cccb55c34c5a4c40603868d96b94fb6bc5

acme: check plugin for wildcard certificates

Let's Encrypt currently only issues wildcard certificates if the
domain ownership is validated via a dns-01 type plugin.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---

diff --git a/src/PMG/NodeConfig.pm b/src/PMG/NodeConfig.pm
index 5f96e62..029b903 100644
--- a/src/PMG/NodeConfig.pm
+++ b/src/PMG/NodeConfig.pm
@@ -209,9 +209,9 @@ sub get_acme_conf {
 	}
 	$parsed->{plugin} //= 'standalone';
 
+	my $plugins = PMG::API2::ACMEPlugin::load_config();
 	my $plugin_id = $parsed->{plugin};
 	if ($plugin_id ne 'standalone') {
-	    my $plugins = PMG::API2::ACMEPlugin::load_config();
 	    die "plugin '$plugin_id' for domain '$domain' not found!\n"
 		if !$plugins->{ids}->{$plugin_id};
 	}
@@ -220,6 +220,9 @@ sub get_acme_conf {
 	# wildcard - see https://tools.ietf.org/html/rfc8555#section-7.1.3
 	if ($domain =~ /^\*\.(.*)$/ ) {
 	    $res->{validationtarget}->{$1} = $domain;
+	    die "wildcard domain validation for '$domain' needs a dns-01 plugin.\n"
+		if $plugins->{ids}->{$plugin_id}->{type} ne 'dns';
+
 	}
 
 	$parsed->{_configkey} = "acmedomain$index";