Hello,
Today I was configuring SSL for multiple domain names with the acme tls
loader. From the way I have things set up, I wished for multiple nodes to
share one domain, and to also have their own name in the event of a
failure. At first I thought I could not do this as
> https://maddy.email/man/_generated_maddy-tls.5/
only listed a "hostname" directive, and failed to start if multiple
names were provided.
Looking at the relevant source:
> https://github.com/foxcpp/maddy/blob/211e1a67ee9d65bea7c34346eb7affb639f9d22a/internal/tls/acme/acme.go#L54
the directive "extra_names" was present in the configuration object,
even though it was not listed in the published documentation.
I went ahead and tested out "extra_names" and was able to obtain the
certificates I wanted, and verified that both certificates were present
and functioning as intended on both hosts.
Could I get some clarification on what exactly this does? It seems to be
obtaining multiple SSL certificates (one per name) rather than utilizing
the SAN field on one SSL certificate. I don't care either way, as Maddy
is doing what it ought to (I think) with these. Some clarification would
be nice without having to dive deeper into the Maddy source.
I also checked the man pages provided with the 0.5.4 release and they
also do not include information about this directive.
Cheers,
rw