should tls-acme-01 create a certificate per alias? #409

Closed
opened 2025-12-29 01:24:35 +01:00 by adam · 2 comments
Owner

Originally created by @dholth on GitHub (Jun 18, 2019).

I am working on an extended version of the hypercorn web server called snipercorn that understands ACME certificates. My dehydrated domains.txt says `dingoskidneys.com www.dingoskidneys.com` but only the second one gets a certificate in alpn-certs/. Then the web server receives a tls-alpn-01 request for `dingoskidneys.com` and fails to find a certificate with that filename.

It looks like I could do a few things. Symlink the `altnames` environment variable in a hook, or more likely update the web server to check domains.txt against the last `altname` on the line, since it already does something similar for the main certs.

It seems inconsistent that the first name on the line names the certs/ but the last name is used for alpn-certs/.

adam closed this issue 2025-12-29 01:24:36 +01:00
Author
Owner

@dholth commented on GitHub (Jun 29, 2019):

It looks like the script is indeed creating both certificates for www.example.org and example.org, but it verifies and cleans up in the wrong order?

It creates challenge certs for www.example.org and example.org, but deletes www.example.org before asking letsencrypt to request the www.example.org challenge. Possibly my server is buggy, investigating...

Author
Owner

@dholth commented on GitHub (Jul 15, 2019):

It may be as simple as https://github.com/lukas2511/dehydrated/blob/master/dehydrated#L702

The altnames are alphabetized in the letsencrypt response

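An added example, not dehydrated's or snipercorn's code, that models the per-alias tls-alpn-01 lifecycle discussed in this thread: one challenge cert per name in alpn-certs/, looked up by SNI, and a replay of hook events that flags a name whose challenge cert was cleaned before its challenge request arrived. The `<name>.crt.pem` filename convention and the event labels are assumptions; the event log is constructed.

```python
"""Per-alias tls-alpn-01 challenge bookkeeping (constructed model, not dehydrated itself)."""
from collections.abc import Iterable


def challenge_cert_name(sni_name: str) -> str:
    """Filename a tls-alpn-01 responder would look up for an SNI name.
    Assumption: one challenge cert per identifier, named after that identifier."""
    return f"{sni_name}.crt.pem"


def missing_challenge_certs(domains_line: str, alpn_dir_files: Iterable[str]) -> list[str]:
    """Names on one domains.txt line that have no challenge cert in alpn-certs/.

    alpn_dir_files is the listing of alpn-certs/ (e.g. os.listdir), so every alias
    on the line is checked, not only the first or the last one.
    """
    present = set(alpn_dir_files)
    return [name for name in domains_line.split()
            if challenge_cert_name(name) not in present]


def cleaned_before_requested(events: Iterable[tuple[str, str]]) -> list[str]:
    """Replay (event, name) pairs and return names whose challenge cert was
    removed before the ACME server's tls-alpn-01 request for that name arrived.

    Event labels (assumed): "deploy_challenge" and "clean_challenge" mirror the
    hook names, "alpn_request" marks the validation connection hitting the server.
    """
    state: dict[str, str] = {}
    out_of_order: list[str] = []
    for event, name in events:
        if event in ("deploy_challenge", "clean_challenge"):
            state[name] = event
        elif event == "alpn_request" and state.get(name) != "deploy_challenge":
            out_of_order.append(name)  # cert gone (or never deployed) when asked for
    return out_of_order


# Constructed log reproducing the ordering reported in the thread.
SAMPLE_EVENTS = [
    ("deploy_challenge", "www.example.org"),
    ("deploy_challenge", "example.org"),
    ("clean_challenge", "www.example.org"),   # removed too early
    ("alpn_request", "www.example.org"),      # validation now fails
    ("alpn_request", "example.org"),
    ("clean_challenge", "example.org"),
]

if __name__ == "__main__":
    print("missing:", missing_challenge_certs("dingoskidneys.com www.dingoskidneys.com",
                                              ["www.dingoskidneys.com.crt.pem"]))
    print("cleaned before requested:", cleaned_before_requested(SAMPLE_EVENTS))
```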

Reference: starred/dehydrated#409