~foxcpp/maddy

Undocumented ACME Client Directive

Details
Message ID
<49b5729c-407a-1ff6-bceb-c42d31939439@alwayswatching.me>
DKIM signature
missing
Hello,

Today I was configuring SSL for multiple domain names with the acme tls 
loader. From the way I have things set up, I wished for multiple nodes to 
share one domain, and to also have their own name in the event of a 
failure. At first I thought I could not do this as

 > https://maddy.email/man/_generated_maddy-tls.5/

only listed a "hostname" directive, and failed to start if multiple 
names were provided.

Looking at the relevant source:

 > https://github.com/foxcpp/maddy/blob/211e1a67ee9d65bea7c34346eb7affb639f9d22a/internal/tls/acme/acme.go#L54

the directive "extra_names" was present in the configuration object, 
even though it was not listed in the published documentation.

I went ahead and tested out "extra_names" and was able to obtain the 
certificates I wanted, and verified that both certificates were present 
and functioning as intended on both hosts.

Could I get some clarification on what exactly this does? It seems to be 
obtaining multiple SSL certificates (one per name) rather than utilizing 
the SAN field on one SSL certificate. I don't care either way, as Maddy 
is doing what it ought to (I think) with these. Some clarification would 
be nice without having to dive deeper into the Maddy source.

I also checked the man pages provided with the 0.5.4 release and they 
also do not include information about this directive.

Cheers,

rw
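
The SAN-versus-separate-certificates question above can be settled from the served certificates alone. This is an added example, not part of the original message and not maddy code: it groups names by the fingerprint of the leaf certificate served for each one. The host names and the throwaway certificates are constructed here so the program runs offline; in practice the map would hold the leaf certificate each host returns for each SNI name.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// selfSigned returns a constructed, throwaway certificate whose SAN field lists names.
func selfSigned(names ...string) *x509.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: names,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// groupByCert maps certificate fingerprint -> names (as requested via SNI) it was served for.
func groupByCert(served map[string]*x509.Certificate) (map[string][]string, error) {
	groups := map[string][]string{}
	for name, cert := range served {
		if err := cert.VerifyHostname(name); err != nil {
			return nil, err // the served certificate does not cover this name
		}
		fp := fmt.Sprintf("%x", sha256.Sum256(cert.Raw))
		groups[fp] = append(groups[fp], name)
	}
	return groups, nil
}

// layouts builds the two constructed outcomes: one shared SAN certificate, or one per name.
func layouts() (san, perName map[string]*x509.Certificate) {
	c := selfSigned("mx.example.org", "node1.example.org")
	san = map[string]*x509.Certificate{"mx.example.org": c, "node1.example.org": c}
	perName = map[string]*x509.Certificate{"mx.example.org": selfSigned("mx.example.org"),
		"node1.example.org": selfSigned("node1.example.org")}
	return
}

func main() {
	san, perName := layouts()
	a, _ := groupByCert(san)
	b, _ := groupByCert(perName)
	fmt.Println("shared SAN layout:", len(a), "certificate; per-name layout:", len(b))
}
```

A single group containing every name means one certificate with several SAN entries; one group per name means separate certificates were issued.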