mirror of https://github.com/caddyserver/caddy.git
b6686a54d8
We have users that have site blocks like *.*.tld with on-demand TLS enabled. While *.*.tld does not qualify for a publicly-trusted cert due to its wildcards, On-Demand TLS does not actually obtain a cert with those wildcards, since it uses the actual hostname on the handshake. This improves on that logic, but I am still not 100% satisfied with the result since I think we need to also check if another site block is more specific, like foo.example.tld, which might not have on-demand TLS enabled, and make sure an automation policy gets created before the more general policy with on-demand...
distributedstek
standardstek
acmeissuer.go
automation.go
certselection.go
connpolicy.go
fileloader.go
folderloader.go
internalissuer.go
matchers.go
matchers_test.go
pemloader.go
sessiontickets.go
tls.go
values.go
zerosslissuer.go