fix: correctly support cname follow on and off#6
Merged
bittermandel merged 4 commits intomainfrom Feb 11, 2025
Merged
Conversation
mikn
reviewed
Feb 10, 2025
| entry = strings.TrimSuffix(entry, ".") | ||
| entry = strings.Replace(entry, ".", "_", -1) | ||
| entry = entry + ".verify" | ||
|
|
Member
There was a problem hiding this comment.
Reading the code for the webhook, I think maybe the only bug is that we are using cn.ResolvedFQDN instead of domain which is returned from c.getDomainAndEntry()? That function seems to strip both the . and the cn.ResolvedZone which (probably) would be the equivalent of at least molnett.net in our case.
Then we would not need the nested strings.Replace that you have - but I may be reading the code wrong!
Contributor
Author
There was a problem hiding this comment.
You are probably right that we can use domain or ch.name straight off when we use Root Domain. I'll try it later
mikn
approved these changes
Feb 11, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
There are some issues with the DNS resolving. If we enable CNameFollow, e.g. _acme-challenge.example.com resolves to example_com.verify.molnett.net which the cleaning turns into example_com_verify_molnett_net.verify.molnett.net. This is incorrect. So the changes fixes this issue by removing the verify part from the resolved FQDN.
In case the domain has to been setup yet, it will simply resolve to the base domain.
e.g. _acme-challenge.example.com is translated to to example_com.verify.molnett.net