push.rocks/smartacme
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Philipp Kunz
2025-05-04 10:29:33 +00:00
parent 1698abef16
commit 0c6da9ff74
6 changed files with 73 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
readme.plan.md
View File

@ -1,16 +1,27 @@
# Plan: Move interestMap from certmanager to smartacme core
# Plan: Add wildcard domain support to SmartAcme
## Goal
- Pull the interest coordination mechanism out of the ICertManager implementations and into the SmartAcme class.
- Enable SmartAcme to accept wildcard domain inputs like `*.domain.com` or `*.sub.example.com` and correctly request and match wildcard certificates.
## Steps
1. Remove `interestMap` from `ICertManager` interface (`ts/interfaces/certmanager.ts`) and its import of `InterestMap`.
2. Strip out `interestMap` property, initialization, and usage from `MemoryCertManager` and `MongoCertManager` (`ts/certmanagers/*.ts`).
3. In `Smartacme` class (`ts/smartacme.classes.smartacme.ts`):
- Add a private `interestMap: plugins.lik.InterestMap<string, SmartacmeCert>` property.
- Initialize it in the constructor: `this.interestMap = new plugins.lik.InterestMap((domain) => domain);`.
- Update `getCertificateForDomain()` and any other consumers to reference `this.interestMap` instead of `this.certmanager.interestMap`.
4. Remove any tests or code that reference the old `interestMap` on `ICertManager` (if any).
5. Run CI (`pnpm build` and `pnpm test`) and fix any regressions.
Please review and confirm before we begin the refactor.
1. [x] Extend SmartacmeCertMatcher:
- [x] Update `getCertificateDomainNameByDomainName()` to handle wildcard prefixes:
- If input starts with `*.` strip the prefix and return the base domain.
- For example:
- `*.example.com``example.com`
- `*.sub.example.com``sub.example.com`
- `*.a.b.example.com` `a.b.example.com`
- [x] Ensure existing logic for non-wildcards remains unchanged.
2. [x] Update `SmartAcme.getCertificateForDomain()`:
- [x] Detect wildcard inputs (`domainArg.startsWith('*.')`).
- [x] For wildcard cases, enforce DNS-01 challenge only (throw error if handlers don't support DNS-01).
- [x] Use the matcher result to request wildcard certificate identifiers (e.g., `value: '*.baseDomain'`).
3. [x] Update tests:
- [x] Add unit tests in `test/test.certmatcher.ts` for wildcard handling:
- `*.example.com``example.com`
- `*.sub.example.com``sub.example.com`
- `*.a.b.example.com``a.b.example.com`
- [x] Add integration stub in `test/test.smartacme.ts` for wildcard input in integration mode:
- Call `getCertificateForDomain('*.domain.com')` and expect returned cert `domainName` equals `*.domain.com`.
4. [x] Update documentation (README.md) if needed.
5. [x] Run CI (`pnpm build` & `pnpm test`) and fix any regressions.