| author | Paul Buetow <paul@buetow.org> | 2026-01-31 16:38:56 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-01-31 16:38:56 +0200 |
| commit | 2486a5e3965d25344e34c9ef98300f893fcdeb39 (patch) | |
| tree | ed4921645900c3e85a96aca351e61291ef4d737b /frontends | |
| parent | 678dbd8f6c0e581e185a527e9d380546dd8fb205 (diff) | |
fix: don't add www prefix to f3s hosts in ACME config
F3S hosts don't have DNS records for www variants, causing ACME validation
to fail. Only non-f3s hosts get www.hostname as alternative name in cert.
Fixes: audiobookshelf.f3s.buetow.org and other f3s hosts unable to obtain valid TLS certs
Amp-Thread-ID: https://ampcode.com/threads/T-019c1441-7e3a-77cd-890f-cd31df998a31
Co-authored-by: Amp <amp@ampcode.com>
Diffstat (limited to 'frontends')
| -rw-r--r-- | frontends/etc/acme-client.conf.tpl | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/frontends/etc/acme-client.conf.tpl b/frontends/etc/acme-client.conf.tpl index 473fae3..0c9671d 100644 --- a/frontends/etc/acme-client.conf.tpl +++ b/frontends/etc/acme-client.conf.tpl @@ -29,7 +29,11 @@ authority buypass-test { next if $host =~ /^(ipv4|ipv6)\./; -%> <% # Check if this host has ipv4/ipv6 subdomains that need to be included as SANs - my @alt_names = ("www.$host"); + my @alt_names; + # Don't add www prefix for f3s hosts - they don't have DNS records for www variants + unless (grep { $_ eq $host } @$f3s_hosts) { + push @alt_names, "www.$host"; + } for my $sub_host (@$acme_hosts) { if ($sub_host =~ /^(ipv4|ipv6)\.\Q$host\E$/) { push @alt_names, $sub_host; |
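Review bot: With `my @alt_names;` now starting empty, an f3s host that has no matching ipv4/ipv6 entries in `@$acme_hosts` leaves `@alt_names` empty, whereas before this change the list always held at least `"www.$host"`. The part of the template that renders `@alt_names` is outside this hunk, so confirm that it omits the alternative-names output when the list is empty instead of emitting an empty block. Separately, `grep { $_ eq $host } @$f3s_hosts` assumes `$f3s_hosts` is always a defined array reference in the template's scope; a guard such as `@{ $f3s_hosts // [] }` would keep the template rendering if it is ever unset. The comment could also state that f3s hosts are matched by exact name, since that is what `eq` does here.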
