admin/felhom-controller
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

v0.42.0: real Let's Encrypt cert via wildcard proactive issuance

Browse Source 
traefik's websecure entrypoint now declares http.tls.domains *.<domain>+apex so
it proactively obtains the wildcard via Cloudflare DNS-01 at startup (cert ready
before first client, every router serves it by SNI). Gated on CFAPIToken (DNS-01).
TraefikData gains Domain; ensureTraefik wires cfg.Customer.Domain.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
authentik Default Admin
2026-06-11 17:48:15 +02:00
parent 80216e6ce5
commit 84c3e84641
5 changed files with 42 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
controller/internal/stacks/infra.go
+1
View File
@@ -92,6 +92,7 @@ func (m *Manager) ensureTraefik(dir string) error {
return fmt.Errorf("chmod acme.json: %w", err)
}
files, err := infra.RenderTraefik(infra.TraefikData{
Domain: m.cfg.Customer.Domain,
ACMEEmail: m.cfg.Customer.Email,
CFAPIToken: m.cfg.Infrastructure.CFAPIToken,
})