bundlewrap

cronekorkn/bundlewrap

Fork 0

Commit graph

Author	SHA1	Message	Date
CroneKorkN	3bffd7b8f5	bind-acme: guard against letsencrypt clients without internal LAN The acme_zone reactor's first ACL branch iterates nodes that have letsencrypt/domains and reads their network/internal/ipv4. Until now that crashed for any node with letsencrypt but no internal LAN — the node had to either fake a network/internal/ipv4 or skip TLS. Add a `metadata.get(..., None)` guard to filter such nodes out of this branch. The wireguard branch below already covers them (any node with the wireguard bundle gets its wireguard/my_ip into the ACL), so ACME DNS-01 reachability still works for cross-Internet nodes that join the fleet via wireguard. Surfaced by ovh.left4me: dedicated server with no Hetzner/internal network, reachable from the bind-acme node only via wireguard.	2026-05-10 18:23:21 +02:00
mwiegand	93d9f1af39	acme allow wireguard ips	2021-11-08 22:48:24 +01:00
mwiegand	fdcfa8a82b	letsencrypt dns challenge	2021-11-08 10:49:37 +01:00

Author

SHA1

Message

Date

CroneKorkN

3bffd7b8f5

bind-acme: guard against letsencrypt clients without internal LAN

The acme_zone reactor's first ACL branch iterates nodes that have
letsencrypt/domains and reads their network/internal/ipv4. Until now
that crashed for any node with letsencrypt but no internal LAN — the
node had to either fake a network/internal/ipv4 or skip TLS.

Add a `metadata.get(..., None)` guard to filter such nodes out of this
branch. The wireguard branch below already covers them (any node with
the wireguard bundle gets its wireguard/my_ip into the ACL), so ACME
DNS-01 reachability still works for cross-Internet nodes that join the
fleet via wireguard.

Surfaced by ovh.left4me: dedicated server with no Hetzner/internal
network, reachable from the bind-acme node only via wireguard.

2026-05-10 18:23:21 +02:00

mwiegand

93d9f1af39

acme allow wireguard ips

2021-11-08 22:48:24 +01:00

mwiegand

fdcfa8a82b

letsencrypt dns challenge

2021-11-08 10:49:37 +01:00

3 commits