require a valid alias to be set for certain wildcard certificates (fixes #483)

2026-04-25 09:48:29 +02:00 · 2018-03-02 18:52:16 +01:00
parent 68274646bb
commit 0211d24577
2 changed files with 13 additions and 6 deletions
--- a/16
+++ b/16
@@ -1152,6 +1152,16 @@ command_sign_domains() {
    [ ${aliascount} -lt 1 ] && alias="${domain}" || alias="${alias#>}"
    export alias

+    if [[ -z "${morenames}" ]];then
+      echo "Processing ${domain}"
+    else
+      echo "Processing ${domain} with alternative names: ${morenames}"
+    fi
+
+    if [ "${alias:0:2}" = "*." ]; then
+      _exiterr "Please define a valid alias for your ${domain} wildcard-certificate. See domains.txt-documentation for more details."
+    fi
+
    local certdir="${CERTDIR}/${alias}"
    cert="${certdir}/cert.pem"
    chain="${certdir}/chain.pem"
@@ -1160,12 +1170,6 @@ command_sign_domains() {

    timestamp="$(date +%s)"

-    if [[ -z "${morenames}" ]];then
-      echo "Processing ${domain}"
-    else
-      echo "Processing ${domain} with alternative names: ${morenames}"
-    fi
-
    # If there is no existing certificate directory => make it
    if [[ ! -e "${certdir}" ]]; then
      echo " + Creating new directory ${certdir} ..."
--- a/docs/domains_txt.md
+++ b/docs/domains_txt.md
@@ -17,3 +17,6 @@ You can define an alias for your certificate which will (instead of the primary
 used as directory name under your certdir and for a per-certificate lookup.
 This allows multiple certificates with identical sets of domains but different configuration
 to exist.
+
+Certificates with a wildcard domain as first (or only) name require an alias to be set.
+Aliases can't start with `*.`.