caddyhttp: Refactor cert Managers (fix #5415) (#5533)

author: Matt Holt <[email protected]> 2023-05-15 10:47:30 -0600
committer: GitHub <[email protected]> 2023-05-15 10:47:30 -0600
commit: 96919acc9d583ef11ea1f9c72a9991fb3f8aab9f (patch)
tree: 40b6b48bfe159176495c7904190e8098ca24d1ac /caddyconfig
parent: e96aafe1ca04e30fc10992a77ae08d3a3f3c5f05 (diff)
download: caddy-96919acc9d583ef11ea1f9c72a9991fb3f8aab9f.tar.gz
caddy-96919acc9d583ef11ea1f9c72a9991fb3f8aab9f.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index 2021970be..c63569e41 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -218,6 +218,10 @@ func (st ServerType) buildTLSApp(
 			if len(ap.Issuers) == 0 {
 				var internal, external []string
 				for _, s := range ap.SubjectsRaw {
+					// do not create Issuers for Tailscale domains; they will be given a Manager instead
+					if strings.HasSuffix(strings.ToLower(s), ".ts.net") {
+						continue
+					}
 					if !certmagic.SubjectQualifiesForCert(s) {
 						return nil, warnings, fmt.Errorf("subject does not qualify for certificate: '%s'", s)
 					}
author	Matt Holt <[email protected]>	2023-05-15 10:47:30 -0600
committer	GitHub <[email protected]>	2023-05-15 10:47:30 -0600
commit	96919acc9d583ef11ea1f9c72a9991fb3f8aab9f (patch)
tree	40b6b48bfe159176495c7904190e8098ca24d1ac /caddyconfig
parent	e96aafe1ca04e30fc10992a77ae08d3a3f3c5f05 (diff)
download	caddy-96919acc9d583ef11ea1f9c72a9991fb3f8aab9f.tar.gz caddy-96919acc9d583ef11ea1f9c72a9991fb3f8aab9f.zip