Hostnames aren't being normalized to lowercase when managing certs #6456

Closed
low613 opened this issue Jul 15, 2024 · 2 comments
low613 commented Jul 15, 2024

Version affected: v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
If I have an uppercase domain name in the host matcher in the JSON config, Caddy will fail to generate a certificate.
For example, with this config:

{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            ":443"
          ],
          "routes": [
            {
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "body": "hello",
                          "handler": "static_response"
                        }
                      ]
                    }
                  ]
                }
              ],
              "match": [
                {
                  "host": [
                    "CADDY.lowinger.cloud"
                  ]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    }
  },
  "logging": {
    "logs": {
      "default": {
        "level": "DEBUG"
      }
    }
  }
}

When generating a cert, I get this error in the logs:

2024/07/15 23:41:30.338 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "CADDY.lowinger.cloud", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[CADDY.lowinger.cloud] validating order identifiers: identifiers in Order [{dns caddy.lowinger.cloud}] do not match the identifiers extracted from CSR [{dns CADDY.lowinger.cloud}] (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2024/07/15 23:41:30.338 DEBUG   events  event   {"name": "cert_failed", "id": "d32ac37d-1bb9-4904-90a8-890247edfa25", "origin": "tls", "data": {"error":{},"identifier":"CADDY.lowinger.cloud","issuers":["acme-v02.api.letsencrypt.org-directory"],"renewal":false}}
2024/07/15 23:41:30.338 ERROR   tls.obtain      will retry      {"error": "[CADDY.lowinger.cloud] Obtain: [CADDY.lowinger.cloud] validating order identifiers: identifiers in Order [{dns caddy.lowinger.cloud}] do not match the identifiers extracted from CSR [{dns CADDY.lowinger.cloud}] (ca=https://acme-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 3.653341393, "max_duration": 2592000}

When I set the domain name with caps in a Caddyfile, it does convert it to lowercase in the JSON config, but I think the JSON adapter should also be able to convert domain names to lowercase before requesting the cert.

Member

mholt commented Jul 18, 2024

Thanks for the report!

This needs to be fixed in CertMagic and/or ACMEz (likely both). I'll push fixes as soon as I can. (Just catching up to things.)

@mholt mholt added the bug 🐞 Something isn't working label Jul 18, 2024
@mholt mholt added this to the v2.8.5 milestone Jul 18, 2024
@mholt mholt self-assigned this Jul 18, 2024
@mholt mholt changed the title Json host matcher not handling upper case Hostnames aren't being normalized to lowercase when managing certs Jul 18, 2024
mholt added a commit to caddyserver/certmagic that referenced this issue Jul 22, 2024
Member

mholt commented Jul 22, 2024

Fixed in caddyserver/certmagic@1ff1ad8

@mholt mholt closed this as completed Jul 22, 2024
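
The identifier mismatch in the log above can be reproduced offline with Go's standard library. This is an added example, not code from Caddy, CertMagic or ACMEz: `normalize`, `csrDNSNames` and `mismatched` are hypothetical helpers, and the byte-exact comparison is an assumption drawn from the error message.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"slices"
	"strings"
)

// normalize lowercases a hostname; DNS names are case-insensitive.
func normalize(host string) string { return strings.ToLower(host) }

// csrDNSNames builds a CSR for names and returns the DNS SANs parsed back out of it.
func csrDNSNames(names ...string) ([]string, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader) // throwaway key for the demo
	if err != nil {
		return nil, err
	}
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{DNSNames: names}, key)
	if err != nil {
		return nil, err
	}
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil {
		return nil, err
	}
	return csr.DNSNames, nil
}

// mismatched returns the CSR names that have no byte-exact match among the
// order identifiers (assumed to be the comparison behind the logged error).
func mismatched(orderIDs, csrNames []string) (bad []string) {
	for _, n := range csrNames {
		if !slices.Contains(orderIDs, n) {
			bad = append(bad, n)
		}
	}
	return bad
}

func main() {
	order := []string{"caddy.lowinger.cloud"} // identifier as the CA listed it in the log
	for _, host := range []string{"CADDY.lowinger.cloud", normalize("CADDY.lowinger.cloud")} {
		names, err := csrDNSNames(host)
		fmt.Println(host, mismatched(order, names), err)
	}
}
```

The CSR encodes the SAN exactly as given, so the case has to be normalized before the request is built.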