Closed ante-maric closed 3 months ago
Did you implement DNS validation? https://github.com/natemcmaster/LettuceEncrypt#when-using-dns-01
Yes, I did. Otherwise the certificate would not have been created.
Is there a working example of how to implement the IDnsChallengeProvider and replace the NoOpDnsChallengeProvider?
The DNS challenge support was implemented by another contributor, so I didn't test it myself, but I found this example on GitHub.
The reason for this bug is here: LettuceEncrypt.Internal.CertificateSelector
[TryGetValue] failed to obtain wildcard domain name.
The following is the improvement code:
2. https://github.com/natemcmaster/LettuceEncrypt/blob/ba32cda0372ed6327126e2d1520d9c4c96d357e2/src/LettuceEncrypt/Internal/CertificateSelector.cs#L87
   public bool HasCertForDomain(string domainName) => _certs.ContainsKey(domainName);
[ContainsKey] failed to obtain wildcard domain name.
The following is the improvement code:
3. https://github.com/natemcmaster/LettuceEncrypt/blob/ba32cda0372ed6327126e2d1520d9c4c96d357e2/src/LettuceEncrypt/Internal/CertificateSelector.cs#L118-L121
[TryGet] failed to obtain wildcard domain name.
The following is the improvement code:
appsettings.json
"LettuceEncrypt": {
  "AcceptTermsOfService": true,
  "AllowedChallengeTypes": "Dns01",
  "EmailAddress": "xxxx@xxxx.com",
  "RenewDaysInAdvance": "7.00:00:00",
  "DomainNames": [
    "*.mydomain.com" // this is wildcard domain
  ]
}
I developed an Alibaba Cloud DNS verification project for this feature and it has been verified to be successful.
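An added sketch of the wildcard-aware lookup this comment is about; it is not part of the original thread and not LettuceEncrypt's own code. The `WildcardAwareStore` class and its string "certificates" are hypothetical stand-ins for the selector's certificate dictionary, so the sample runs without real X.509 material.

```csharp
#nullable enable
using System;
using System.Collections.Concurrent;

// Hypothetical stand-in for a certificate map keyed by domain name.
// Values are strings instead of X509Certificate2 to keep the sketch self-contained.
public sealed class WildcardAwareStore
{
    private readonly ConcurrentDictionary<string, string> _certs =
        new(StringComparer.OrdinalIgnoreCase);

    public void Add(string domainName, string cert) => _certs[domainName] = cert;

    public bool TryGet(string domainName, out string? cert)
    {
        // 1. Exact match: the only lookup a plain TryGetValue/ContainsKey performs,
        //    which is why "web.some.domain.com" misses a "*.some.domain.com" entry.
        if (_certs.TryGetValue(domainName, out cert)) return true;

        // 2. Wildcard match: swap only the leftmost label for "*".
        //    A wildcard certificate covers exactly one label, so neither the
        //    bare parent domain nor a two-level subdomain may match.
        int dot = domainName.IndexOf('.');
        if (dot > 0 && dot < domainName.Length - 1)
        {
            return _certs.TryGetValue("*" + domainName.Substring(dot), out cert);
        }

        cert = null;
        return false;
    }
}

public static class Program
{
    public static void Main()
    {
        var store = new WildcardAwareStore();
        store.Add("*.some.domain.com", "wildcard-cert"); // constructed sample entry

        // Constructed SNI host names: one covered subdomain, the bare parent,
        // and a two-level subdomain that the wildcard must not cover.
        foreach (var host in new[] { "web.some.domain.com", "some.domain.com", "a.web.some.domain.com" })
        {
            bool found = store.TryGet(host, out var cert);
            Console.WriteLine($"{host} -> {(found ? cert : "no certificate")}");
        }
    }
}
```

Keeping the match to a single label mirrors how TLS clients validate wildcard names, so the server never presents a certificate that the client would reject for a deeper subdomain.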
Thanks @andywu188. I've merged your PR and uploaded https://www.nuget.org/packages/LettuceEncrypt/1.3.2-beta.292
Can you help me test and validate this fix works?
OK, I will check it out as soon as possible.
Very good, no error.
Thank you for the fix and testing!
Describe the bug
If DomainNames in options contain wildcard, subdomains are not handled and SSL/TLS handshake fails.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
If I have wildcard domain (*.some.domain.com) CertificateSelector.Select should select correct certificate for all subdomains (web.some.domain.com, home.some.domain.com...)
Additional context
The only workaround I have is setting my certificate as FallbackCertificate, which I would argue is not really a proper solution.