b6686a54d8
We have users that have site blocks like *.*.tld with on-demand TLS enabled. While *.*.tld does not qualify for a publicly-trusted cert due to its wildcards, On-Demand TLS does not actually obtain a cert with those wildcards, since it uses the actual hostname on the handshake. This improves on that logic, but I am still not 100% satisfied with the result since I think we need to also check if another site block is more specific, like foo.example.tld, which might not have on-demand TLS enabled, and make sure an automation policy gets created before the more general policy with on-demand... |
||
|---|---|---|
| .. | ||
| caddyhttp | ||
| caddypki | ||
| caddytls | ||
| filestorage | ||
| logging | ||
| metrics | ||
| standard | ||