Generate wildcard certificate with SANs in ACME

2018-04-11 17:16:07 +02:00 · 2018-04-11 17:16:07 +02:00 · 7109910f46
commit 7109910f46
parent 8168d2fdc1
5 changed files with 271 additions and 96 deletions
--- a/acme/acme_test.go
+++ b/acme/acme_test.go
@ -417,11 +417,27 @@ func TestAcme_getValidDomain(t *testing.T) {
 			expectedDomains: nil,
 		},
 		{
-			desc:            "unexpected SANs",
-			domains:         []string{"*.traefik.wtf", "foo.traefik.wtf"},
+			desc:            "unauthorized wildcard with SAN",
+			domains:         []string{"*.*.traefik.wtf", "foo.traefik.wtf"},
 			dnsChallenge:    &acmeprovider.DNSChallenge{},
 			wildcardAllowed: true,
-			expectedErr:     "unable to generate a wildcard certificate for domain \"*.traefik.wtf,foo.traefik.wtf\" : SANs are not allowed",
+			expectedErr:     "unable to generate a wildcard certificate for domain \"*.*.traefik.wtf,foo.traefik.wtf\" : ACME does not allow '*.*' wildcard domain",
+			expectedDomains: nil,
+		},
+		{
+			desc:            "wildcard with SANs",
+			domains:         []string{"*.traefik.wtf", "traefik.wtf"},
+			dnsChallenge:    &acmeprovider.DNSChallenge{},
+			wildcardAllowed: true,
+			expectedErr:     "",
+			expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"},
+		},
+		{
+			desc:            "unexpected SANs",
+			domains:         []string{"*.traefik.wtf", "*.acme.wtf"},
+			dnsChallenge:    &acmeprovider.DNSChallenge{},
+			wildcardAllowed: true,
+			expectedErr:     "unable to generate a certificate for domains \"*.traefik.wtf,*.acme.wtf\": SANs can not be a wildcard domain",
 			expectedDomains: nil,
 		},
 	}