require a valid alias to be set for certain wildcard certificates (fixes

dehydrated-io#483)
trrk · Mar 2, 2018 · 0211d24 · 0211d24
1 parent 6827464
commit 0211d24
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 6 deletions.
diff --git a/dehydrated b/dehydrated
@@ -1152,6 +1152,16 @@ command_sign_domains() {
     [ ${aliascount} -lt 1 ] && alias="${domain}" || alias="${alias#>}"
     export alias
 
+    if [[ -z "${morenames}" ]];then
+      echo "Processing ${domain}"
+    else
+      echo "Processing ${domain} with alternative names: ${morenames}"
+    fi
+
+    if [ "${alias:0:2}" = "*." ]; then
+      _exiterr "Please define a valid alias for your ${domain} wildcard-certificate. See domains.txt-documentation for more details."
+    fi
+
     local certdir="${CERTDIR}/${alias}"
     cert="${certdir}/cert.pem"
     chain="${certdir}/chain.pem"
@@ -1160,12 +1170,6 @@ command_sign_domains() {
 
     timestamp="$(date +%s)"
 
-    if [[ -z "${morenames}" ]];then
-      echo "Processing ${domain}"
-    else
-      echo "Processing ${domain} with alternative names: ${morenames}"
-    fi
-
     # If there is no existing certificate directory => make it
     if [[ ! -e "${certdir}" ]]; then
       echo " + Creating new directory ${certdir} ..."

diff --git a/docs/domains_txt.md b/docs/domains_txt.md
@@ -17,3 +17,6 @@ You can define an alias for your certificate which will (instead of the primary
 used as directory name under your certdir and for a per-certificate lookup.
 This allows multiple certificates with identical sets of domains but different configuration
 to exist.
+
+Certificates with a wildcard domain as first (or only) name require an alias to be set.
+Aliases can't start with `*.`.