Mirror of https://github.com/mjl-/mox.git, synced 2025-07-10 07:54:40 +03:00
also configure acme validation with http-01, and fix a bug that caused tls cert refresh at startup to not always run

We already do acme tls-alpn-01 validation, and still require it (we could relax this at some point). http-01 is easy to add. The bug was that the list of acme managers and hosts to refresh was overwritten by another listener. The listeners are a map, and we range over it, so the order in which we handle them is random. If the public listener was handled first, and an internal handler later, the list was reset again.
@ -2,11 +2,9 @@
// requesting certificates with ACME, typically from Let's Encrypt.
package autotls
// We only do tls-alpn-01. For http-01, we would have to start another
// listener. For DNS we would need a third party tool with an API that can make
// the DNS changes, as we don't want to link in dozens of bespoke API's for DNS
// record manipulation into mox. We can do http-01 relatively easily. It could
// be useful to not depend on a single mechanism.
// We do tls-alpn-01, and also http-01. For DNS we would need a third party tool
// with an API that can make the DNS changes, as we don't want to link in dozens of
// bespoke API's for DNS record manipulation into mox.
import (
"bytes"
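Review bot: the rewritten header comment ("We do tls-alpn-01, and also http-01.") drops the information that tls-alpn-01 is still the required validation method and http-01 only an additional one, which the commit message says is still the case; add that sentence so the package comment matches the actual policy. Minor style point in the same comment: "API's" should be "APIs".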
@ -272,6 +270,12 @@ func (m *Manager) HostPolicy(ctx context.Context, host string) (rerr error) {
default:
}
xhost, _, err := net.SplitHostPort(host)
if err == nil {
// For http-01, host may include a port number.
host = xhost
}
d, err := dns.ParseDomain(host)
if err != nil {
return fmt.Errorf("invalid host: %v", err)
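Review bot: at `xhost, _, err := net.SplitHostPort(host)` the error is deliberately ignored, because a host without a port (the normal tls-alpn-01 case) makes SplitHostPort fail and the original value must then be kept, but the comment only explains the http-01 case; extend it to say that an error here simply means no port was present, so a later reader does not "fix" it by returning that error. Also, the port itself is discarded via `_` without being looked at; if HostPolicy is meant to accept http-01 hosts only on the expected challenge port, that check belongs here, otherwise a short comment that any port is accepted on purpose would avoid the question.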