create-certificate to also check "additional names"?

Open mvberg opened this issue 6 years ago • 3 comments

v nice lib - thank you @brandonweiss

it would be nice to have create-certificate also check "Additional names" in addition to the DomainName

similar to how create-distribution checks on Aliases

use case: i would like to reuse the same certificate across my dev.*, stage.* and www.* environments (rather than having to configure certificates for each env)

i can send a PR if you would consider this behavior.

cheers.

mvberg, Oct 15 '18 22:10

@mvberg Thanks!

Hmm… 🤔

So the way I designed it is when the certificate gets created, the primary domain name is whatever you put as the domain in your configuration (e.g. domain.com), and the “additional names” is a wildcard on that domain (*.domain.com). So… shouldn’t it just work?

Or is the issue that you already have a certificate that was manually created, and what you’re using as the domain name doesn’t match the primary domain on the certificate, but it is in the “additional names”?

brandonweiss, Oct 18 '18 17:10

> Or is the issue that you already have a certificate that was manually created, and what you’re using as the domain name doesn’t match the primary domain on the certificate, but it is in the “additional names”?

exactly this. i have a "wildcard" certificate that i would like to reuse. but thinking about this again, what about adding an option to set the certificate ARN in the .discharge config file and doing something like:

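```js
module.exports = {
  title: "Create certificate",
  skip: async (context) => {
    let domain = context.config.domain

    // Proposed option: reuse an existing certificate named in the .discharge config
    if (context.config.certificate_arn) { // existing certificate
      context.certificateARN = context.config.certificate_arn
      return "Using Certificate from config"
    }

    // ...the existing lookup by `domain` would continue here (not shown in this comment)
  },
}
```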

mvberg, Nov 05 '18 21:11

Before I shipped Discharge I waffled back and forth about whether or not to expose configuration options for declaring the IDs of certain, possibly existing resources, like a certificate or distribution. Ultimately I decided not to, in part because it wouldn’t be necessary most of the time, but also because I’m generally allergic to adding options like this unless absolutely necessary—I prefer convention over configuration.

I think there might be a good way to solve this, though, without configuration, I’m just not sure I have all the right information yet. For your existing certificate, can you tell me exactly what the values of DomainName and SubjectAlternativeNames are?

Thanks!

brandonweiss, Nov 13 '18 20:11
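
The check requested in this thread, matching the configured domain against both DomainName and SubjectAlternativeNames with wildcard handling, as an added example that is not part of the issue or Discharge's own code. The function names are hypothetical, and the certificate objects and ARNs are constructed sample data.

```javascript
// Added example, not Discharge's code. Certificate objects below are constructed
// sample data that use the DomainName / SubjectAlternativeNames fields from the thread.

// Normalize a DNS name for comparison: lowercase, drop one trailing dot.
const normalize = (name) => name.trim().toLowerCase().replace(/\.$/, "")

// True when a single certificate name (exact or wildcard) covers the host.
// A wildcard is honoured only as the entire leftmost label and matches exactly
// one label: *.example.com covers dev.example.com, but not example.com or
// a.dev.example.com.
function nameCovers(certName, host) {
  const pattern = normalize(certName)
  const target = normalize(host)
  if (!pattern.startsWith("*.")) return pattern === target

  const suffix = pattern.slice(1) // e.g. ".example.com"
  if (suffix.includes("*")) return false // reject patterns such as *.*.example.com
  if (!target.endsWith(suffix)) return false
  const label = target.slice(0, -suffix.length)
  return label.length > 0 && !label.includes(".")
}

// Every name a certificate is valid for: primary name plus additional names.
function certificateNames(certificate) {
  const names = [certificate.DomainName, ...(certificate.SubjectAlternativeNames || [])]
  return names.filter(Boolean)
}

// Return the first certificate that covers every required host, or null.
function findCoveringCertificate(certificates, hosts) {
  const covers = (certificate) =>
    hosts.every((host) => certificateNames(certificate).some((name) => nameCovers(name, host)))
  return certificates.find(covers) || null
}

// Constructed sample data; the ARNs are placeholders, not real identifiers.
const sampleCertificates = [
  { CertificateArn: "arn:placeholder:apex-only", DomainName: "example.com",
    SubjectAlternativeNames: ["example.com"] },
  { CertificateArn: "arn:placeholder:wildcard", DomainName: "example.com",
    SubjectAlternativeNames: ["example.com", "*.example.com"] },
]
```

Matching on the full name list rather than DomainName alone is what lets one wildcard certificate serve dev, stage and www hosts, while the single-label rule keeps it from being selected for deeper subdomains it does not actually cover.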