httpcaddyfile: Fix automation policies

Fixes a bug introduced in #3862
caddyserver · Feb 8, 2021 · 653a0d3 · 653a0d3
1 parent 0aefa7b
commit 653a0d3
Show file tree

Hide file tree

Showing 2 changed files with 91 additions and 1 deletion.
diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -125,11 +125,12 @@ func (st ServerType) buildTLSApp(
 			if issuerVals, ok := sblock.pile["tls.cert_issuer"]; ok {
 				var issuers []certmagic.Issuer
 				for _, issuerVal := range issuerVals {
-					ap.Issuers = append(ap.Issuers, issuerVal.Value.(certmagic.Issuer))
+					issuers = append(issuers, issuerVal.Value.(certmagic.Issuer))
 				}
 				if ap == catchAllAP && !reflect.DeepEqual(ap.Issuers, issuers) {
 					return nil, warnings, fmt.Errorf("automation policy from site block is also default/catch-all policy because of key without hostname, and the two are in conflict: %#v != %#v", ap.Issuers, issuers)
 				}
+				ap.Issuers = issuers
 			}
 
 			// custom bind host

diff --git a/caddytest/integration/caddyfile_adapt/tls_automation_policies_3.txt b/caddytest/integration/caddyfile_adapt/tls_automation_policies_3.txt
@@ -0,0 +1,89 @@
+# https://caddy.community/t/caddyfile-having-individual-sites-differ-from-global-options/11297
+{
+	local_certs
+}
+
+a.example.com {
+	tls internal
+}
+
+b.example.com {
+	tls abc@example.com
+}
+
+c.example.com {
+}
+----------
+{
+	"apps": {
+		"http": {
+			"servers": {
+				"srv0": {
+					"listen": [
+						":443"
+					],
+					"routes": [
+						{
+							"match": [
+								{
+									"host": [
+										"a.example.com"
+									]
+								}
+							],
+							"terminal": true
+						},
+						{
+							"match": [
+								{
+									"host": [
+										"b.example.com"
+									]
+								}
+							],
+							"terminal": true
+						},
+						{
+							"match": [
+								{
+									"host": [
+										"c.example.com"
+									]
+								}
+							],
+							"terminal": true
+						}
+					]
+				}
+			}
+		},
+		"tls": {
+			"automation": {
+				"policies": [
+					{
+						"subjects": [
+							"b.example.com"
+						],
+						"issuers": [
+							{
+								"email": "abc@example.com",
+								"module": "acme"
+							},
+							{
+								"email": "abc@example.com",
+								"module": "zerossl"
+							}
+						]
+					},
+					{
+						"issuers": [
+							{
+								"module": "internal"
+							}
+						]
+					}
+				]
+			}
+		}
+	}
+}