certmagic

certmagic copied to clipboard

DefaultCertificateSelector should log a debug message if no matching certificates are found.

3

## What would you like to have changed? `DefaultCertificateSelector` in [handshake.go](https://github.com/caddyserver/certmagic/blob/master/handshake.go) should log a debug message if no matching certificates are found. There is currently just a comment for that...

ryancdotorg

Question: Fencing tokens for storage

4

## What is your question? When implementing a storage backend the comment describing `Lock()` mentions the use of fencing tokens: https://github.com/caddyserver/certmagic/blob/9826a4c3549441ba6dddcfc5d561f097feb44e2a/storage.go#L108-L112 The way I understand this is that once you...

eest

Currently, we only use `DefaultServerName` for choosing a certificate. This doesn't make a lot of sense, because if that is set to a name that doesn't have a cert managed...

mholt

Can DNS be used alongside ALPN?

5

## What is your question? In the [docs](https://github.com/caddyserver/certmagic?tab=readme-ov-file#dns-challenge) for the DNS challenge, it says enabling DNS disables the other challenges. I have an interactive application that needs to get certs...

anderspitman

Question: How to issue wildcard certificates rather than exact subject name in OnDemand?

3

## What is your question? I'm wanting to use OnDemand, and be able to handle unknown domains for which I may not have DNS access, but also manage subdomains multiple...

hazycora

Config option for what the Caddy ask endpoint protects / DecisionFunc

2

## What would you like to have changed? Being completely unfamiliar with the CertMagic codebase, I am not sure ;) I was asked on the Caddy forum to request a...

franklouwers

Do calls to storage Load need to be Lock protected?

5

by contract, do calls to load need to be protected by the storage lock? from what I see, the lock is used only to protect for simultaneous writes. it's not...

elee1766

Use posix file advisory locks on supported platforms

1

the current storage implementation uses a home brew approach to locking a file for a specific process. this is a feature built into posix compatible filesystems. certmagic filestorage should capability...

elee1766

Allow Certmagic to generate 'next' private key to allow safe TLSA/DANE deployment and rollover

5

## What would you like to have changed? DANE (DNS-based Authentication of Named Entities) is a protocol that allows X.509 certificates to be bound to DNS names using Domain Name...

mdbraber

memory storage

4

renames existing memoryStorage -> testingMemoryStorage, as it is a special storage only used for testing creates memoryStorage, which can only be created through calling `NewMemoryStorage` memory storage is thread safe,...

elee1766