authorPaul Buetow <paul@buetow.org>2025-11-02 22:54:20 +0200
committerPaul Buetow <paul@buetow.org>2025-11-02 22:57:53 +0200
commitbe8fb140bc61e9a12f96f049c3f64bbb6471ee92 (patch)
tree45b6ab520ea0b79a60d70ce5d58fd026be2a3595 /frontends/etc
parent6060da46c86680eaf1d2a10c2af829b7dba12475 (diff)
use www.* as alt name in certs
Diffstat (limited to 'frontends/etc')
-rw-r--r--frontends/etc/acme-client.conf.tpl14
-rw-r--r--frontends/etc/relayd.conf.tpl7
2 files changed, 13 insertions, 8 deletions
diff --git a/frontends/etc/acme-client.conf.tpl b/frontends/etc/acme-client.conf.tpl
index b52f5b0..6d0e2df 100644
--- a/frontends/etc/acme-client.conf.tpl
+++ b/frontends/etc/acme-client.conf.tpl
@@ -24,13 +24,17 @@ authority buypass-test {
}
<% for my $host (@$acme_hosts) { -%>
-<% for my $prefix ('', 'www.', 'standby.') { -%>
-domain <%= $prefix.$host %> {
- domain key "/etc/ssl/private/<%= $prefix.$host %>.key"
- domain full chain certificate "/etc/ssl/<%= $prefix.$host %>.fullchain.pem"
+domain <%= $host %> {
+ alternative names { www.<%= $host %> }
+ domain key "/etc/ssl/private/<%= $host %>.key"
+ domain full chain certificate "/etc/ssl/<%= $host %>.fullchain.pem"
+ sign with letsencrypt
+}
+domain standby.<%= $host %> {
+ domain key "/etc/ssl/private/standby.<%= $host %>.key"
+ domain full chain certificate "/etc/ssl/standby.<%= $host %>.fullchain.pem"
sign with letsencrypt
}
-<% } -%>
<% } -%>
# For the server itself (e.g. TLS, or monitoring)
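Review bot: Listing `www.<%= $host %>` under `alternative names` in the new `domain <%= $host %>` block makes the apex and www names share one certificate request, so a host in `@$acme_hosts` whose www name cannot be validated from this frontend would presumably block issuance and renewal for the apex as well; the old per-prefix loop kept that failure confined to the www certificate. The previously issued `/etc/ssl/private/www.<host>.key` and `/etc/ssl/www.<host>.fullchain.pem` are no longer managed by this template and will stay on disk until they expire. Remove them on deploy and check that nothing outside this diff (the diffstat is limited to `frontends/etc`) still loads them; the relayd.conf.tpl hunk in this commit already stops loading a www keypair. It is also worth confirming that the existing apex certificate is actually reissued with the new SAN rather than kept until its normal renewal window. A comment above the block such as `# www.<host> is a SAN on the <host> certificate; no separate www key or cert is issued` would record the layout for the next editor.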
diff --git a/frontends/etc/relayd.conf.tpl b/frontends/etc/relayd.conf.tpl
index 1900c0b..68b9e80 100644
--- a/frontends/etc/relayd.conf.tpl
+++ b/frontends/etc/relayd.conf.tpl
@@ -22,9 +22,10 @@ table <localhost> {
}
http protocol "https" {
- <% for my $host (@$acme_hosts) { for my $prefix (@prefixes) { -%>
- tls keypair <%= $prefix.$host -%>
- <% } } -%>
+ <% for my $host (@$acme_hosts) { -%>
+ tls keypair <%= $host %>
+ tls keypair standby.<%= $host %>
+ <% } -%>
tls keypair <%= $hostname.'.'.$domain -%>
match request header set "X-Forwarded-For" value "$REMOTE_ADDR"