Nested domain wildcards

I'm trying to create nested wildcard certificates. I have tried the following and I'm not sure if it's possible; if it is, great, and if not I wouldn't mind jumping into the code to make it :slight_smile:
### Attempt 1

*.example.io:443 {
    log stdout
    proxy / webapp {
        transparent
    }
    tls test@email.com {
        max_certs 10
    }
}

api.*.example.io:443 {
    log stdout
    proxy / hostedapp {
        transparent
    }
    tls test@email.com {
        max_certs 10
    }
}
sock.*.example.io:443 {
    log stdout
    proxy / hostedsocket {
        websocket
    }
    tls test@email.com {
        max_certs 10
    }
}

### Attempt 2

*.example.io:443 {
    log stdout
    proxy / webapp {
        transparent
    }
    tls test@email.com {
        max_certs 10
    }
}

*.*.example.io:443 {
    log stdout
    proxy / hostedapp {
        transparent
    }
    proxy /socket hostedsocket {
        websocket
    }
    tls test@email.com {
        max_certs 10
    }
}

In attempt 1 everything breaks; in attempt 2 the second directive works but not the first one.
I'm getting "ERR_SSL_PROTOCOL_ERROR" from Chrome.

Let’s Encrypt doesn’t issue wildcard certificates, sorry. But Caddy can obtain individual certificates for each hostname that you need using max_certs as you’ve done there.

api.*.example.io:443

This is not a valid address; the docs say:

or have wildcards in place of domain labels from the left side:

So having them in the middle is not allowed. This is because they are not allowed in wildcard certificates and this syntax mirrors those requirements.

As for your SSL protocol error, some logging should help clear that up. Run caddy with -log stderr to see the process log printed to the screen.

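To see why a wildcard in a middle label is rejected, it helps to look at what a certificate wildcard can actually match. The following Go program is an added example for this thread, not code from Caddy or from either poster. It builds a throwaway self-signed certificate with the SAN `*.example.io` and asks the standard library whether that certificate covers various hostnames: `*` matches exactly one label and only in the leftmost position, so `foo.example.io` is covered but `api.foo.example.io` and the bare `example.io` are not. The `LeftmostWildcardsOnly` function is a small illustrative check of the rule the docs state (wildcards only in place of labels from the left side); it is an assumption written for this example and is not Caddy's own address parser.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// selfSignedFor builds a throwaway self-signed certificate whose SANs are
// exactly the given names. It stands in for a CA-issued certificate here:
// the hostname-matching rules applied by crypto/x509 are the same either way.
func selfSignedFor(names []string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: names[0]},
		DNSNames:     names,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// Covers reports whether a TLS client would accept cert for host, using the
// standard library's SAN matching: one wildcard, leftmost label only, and it
// matches exactly one label (so it never spans a nested subdomain).
func Covers(cert *x509.Certificate, host string) bool {
	return cert.VerifyHostname(host) == nil
}

// LeftmostWildcardsOnly checks a site-address pattern against the rule quoted
// from the docs: wildcards may only replace labels from the left side.
// Illustrative check written for this example (an assumption), not Caddy's parser.
func LeftmostWildcardsOnly(pattern string) bool {
	seenLiteral := false
	for _, label := range strings.Split(pattern, ".") {
		if label == "*" {
			if seenLiteral {
				return false // a wildcard after a literal label, e.g. api.*.example.io
			}
			continue
		}
		if strings.Contains(label, "*") {
			return false // partial-label wildcards such as api*.example.io
		}
		seenLiteral = true
	}
	return true
}

func main() {
	cert, err := selfSignedFor([]string{"*.example.io"})
	if err != nil {
		panic(err)
	}
	// Constructed sample hostnames for the demonstration.
	for _, h := range []string{"foo.example.io", "api.foo.example.io", "example.io"} {
		fmt.Printf("*.example.io covers %-20s %v\n", h, Covers(cert, h))
	}
	for _, p := range []string{"*.example.io", "*.*.example.io", "api.*.example.io"} {
		fmt.Printf("%-18s wildcards only on the left: %v\n", p, LeftmostWildcardsOnly(p))
	}
}
```

Because a `*.example.io` certificate cannot cover `api.foo.example.io`, a server that has only such a certificate has nothing valid to present when a client connects to a two-level subdomain; a per-hostname certificate (as with `max_certs` in the thread) is the way to cover each nested name individually.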
