Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Letsencrypt-Wildcards are not requested when used in main-domain (kv-store) #3092

Closed
eBeyond opened this issue Mar 28, 2018 · 2 comments
Closed

Letsencrypt-Wildcards are not requested when used in main-domain (kv-store) #3092

eBeyond opened this issue Mar 28, 2018 · 2 comments
Assignees
@nmengin
Labels
area/acme contributor/waiting-for-feedback kind/enhancement a new or improved feature. priority/P1 need to be fixed in next release status/5-frozen-due-to-age
Milestone
1.6

Comments

@eBeyond
Copy link

eBeyond commented Mar 28, 2018
edited by ldez

Do you want to request a feature or report a bug?

bug

What did you do?

I defined my domains in a key value store:

traefik/acme/domains/0/main: *.my-domain.de
traefik/acme/domains/0/sans/0: my-domain.de

What did you expect to see?

I would expect that a certificate for that will be requested. The wildcard-domain in main would be the main the one in sans would be the alternative name for the first one. (Letsencrypt doesn't support wildcards in SANS)

What did you see instead?

** time="2018-03-28T05:48:27Z" level=error msg="Error validating ACME certificate for domain []: unable to generate a wildcard certificate for domain \"*.my-domain.de,my-domain.de\" : SANs are not allowed"**

I would think that the main domain is also prepended to the sans.

Output of traefik version: (What version of Traefik are you using?)

1.6.0-rc2-alpine
@juliens juliens added status/0-needs-triage area/acme kind/enhancement a new or improved feature. priority/P1 need to be fixed in next release and removed status/0-needs-triage labels Mar 28, 2018
@nmengin
Copy link
Contributor

nmengin commented Mar 30, 2018

Hello @eBeyond.

Many thanks for your interest in the project.

Today, Træfik does not allow generating wildcard certificates with SANs as it's described in the documentation :

Wildcard domains can currently be provided only by to the acme.domains option. Theses domains can not have SANs.

Even if we are currenly working to implement a solution which allows this feature, it's not as easy as it appears and it can take few times.

For the moment, as a workaround, WDYT to declare 2 domains with no SANs in your configuration?

@nmengin nmengin mentioned this issue Apr 10, 2018
Merged
2 tasks
@traefiker traefiker added this to the 1.6 milestone Apr 11, 2018
@traefiker
Copy link
Contributor

Closed by #3167.

@traefik traefik locked and limited conversation to collaborators Sep 1, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@nmengin nmengin

Labels
area/acme contributor/waiting-for-feedback kind/enhancement a new or improved feature. priority/P1 need to be fixed in next release status/5-frozen-due-to-age
Projects
None yet
Milestone
1.6
Development

No branches or pull requests
4 participants
@juliens @eBeyond @nmengin @traefiker