Undocumented ACME Client Directive

Today I was configuring SSL for multiple domain names with the acme tls 
loader. From the way I have things set up, I wished for multiple nodes to 
share one domain, and to also have their own name in the event of a 
failure. At first I thought I could not do this as

 > https://maddy.email/man/_generated_maddy-tls.5/

only listed a "hostname" directive, and failed to start if multiple 
names were provided.

Looking at the relevant source:


the directive "extra_names" was present in the configuration object, 
even though it was not listed in the published documentation.

I went ahead and tested out "extra_names" and was able to obtain the 
certificates I wanted, and verified that both certificates were present 
and functioning as intended on both hosts.

Could I get some clarification on what exactly this does? It seems to be 
obtaining multiple SSL certificates (one per name) rather than utilizing 
the SAN field on one SSL certificate. I don't care either way, as Maddy 
is doing what it ought to (I think) with these. Some clarification would 
be nice without having to dive deeper into the Maddy source.

I also checked the man pages provided with the 0.5.4 release and they 
also do not include information about this directive.

