Caddyfile adapter wraps localhost into automation policy for public names #4220

mholt · 2021-06-25T06:01:02Z

This minimal Caddyfile:

{
	email foo@bar
}

localhost {
}

example.com {
}

yields automation policies in JSON:

[
  {
    "subjects": [
      "example.com",
      "localhost"
    ],
    "issuers": [
      {
        "email": "foo@bar",
        "module": "acme"
      },
      {
        "email": "foo@bar",
        "module": "zerossl"
      }
    ]
  }
]

which is clearly wrong, because localhost can't get a cert from Let's Encrypt or ZeroSSL (or any publicly-trusted CA).

Already have a fix incoming. Just making this issue for future reference.

(Edit: Looks like we have a test that is actually enforcing this behavior, global_options_preferred_chains.txt - but there's no way that's intentional, right?)

The text was updated successfully, but these errors were encountered:

francislavoie · 2021-06-25T10:32:42Z

Yeah - that test is incorrect. 👍

mholt added bug 🐞 Something isn't working in progress 🏃‍♂️ Being actively worked on labels Jun 25, 2021

mholt added this to the v2.4.4 milestone Jun 25, 2021

mholt self-assigned this Jun 25, 2021

mholt closed this as completed in b3d35a4 Jun 25, 2021

mholt removed the in progress 🏃‍♂️ Being actively worked on label Jun 25, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Caddyfile adapter wraps localhost into automation policy for public names #4220

Caddyfile adapter wraps localhost into automation policy for public names #4220

mholt commented Jun 25, 2021 •

edited

Loading

francislavoie commented Jun 25, 2021

Caddyfile adapter wraps localhost into automation policy for public names #4220

Caddyfile adapter wraps localhost into automation policy for public names #4220

Comments

mholt commented Jun 25, 2021 • edited Loading

francislavoie commented Jun 25, 2021

mholt commented Jun 25, 2021 •

edited

Loading