matteocorti/check_ssl_cert

Allow multiple issuers

Closed this issue · 5 comments

saz commented

Is your feature request related to a problem? Please describe.

It's currently only possible to check for one issuer. Caddyserver might use more than one ACME CA to retrieve certificates.

Describe the solution you'd like

It should be possible to allow multiple issuers, e.g. ZeroSSL and Let's Encrypt, as possible valid issuers of a certificate.

Describe alternatives you've considered

Writing my own check

Additional context

None

saz commented

Ah, missed that it's possible to specify a regex. Thanks for the awesome check script!

Mmm, actually it would be nice to be able to specify more than one issuer (it would be OK if one matches). A regex is not so user friendly. I'll take a look.

saz commented

Just as an FYI: "Let's Encrypt|ZeroSSL" works for me.

Being able to specify --issuer multiple times seems nice, but I'd still suggest documenting the possible usage of a regex (or I've missed that part in the docs).

To be honest it's not something I explicitly did. I was checking the issuer with

echo "${ISSUERS}" | "${GREP_BIN}" -E "^${ISSUER}\$"

Which gives a lot of flexibility.

I was already implementing the feature but your solution seems better:

  • I would have to implement two loops (one over the specified issuers and one over the issuers in the cert)
  • The | is not allowed in a field of the issuer

The command line seems nicer. I would add it to the documentation and avoid the specification of more than one option.

At the moment you can specify as many --issuer as you want and only the last one is considered.

I improved the documentation and added integrity tests to avoid a command line option being specified more than once (but for the few options that specifically allow it).
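
The anchored `grep -E` check quoted in the thread, applied to the `Let's Encrypt|ZeroSSL` pattern, as an added example (not code from check_ssl_cert). It assumes one issuer name per line; the function names and the sample issuer names are constructed. Without parentheses the `^` and `$` anchors each bind to only one alternative, so the alternatives need grouping for an exact match.

```shell
#!/bin/sh
# Added example: reuses only the grep expression quoted in the thread.
# Function names and sample issuer names are constructed.

# issuer_matches PATTERN ISSUERS
# ISSUERS is assumed to hold one issuer name per line.
# Returns 0 if any line matches ^PATTERN$ as an extended regex.
issuer_matches() {
    printf '%s\n' "$2" | grep -E -q "^$1\$"
}

# count_matches PATTERN
# Prints how many of the constructed sample issuers the pattern accepts.
count_matches() {
    n=0
    while IFS= read -r name; do
        if issuer_matches "$1" "$name"; then
            n=$((n + 1))
        fi
    done <<'EOF'
Let's Encrypt
ZeroSSL
Let's Encrypt Lookalike CA
Example ZeroSSL
Example Trust Services
EOF
    echo "$n"
}

# Ungrouped: ^Let's Encrypt|ZeroSSL$ parses as (^Let's Encrypt)|(ZeroSSL$),
# so a prefix match or a suffix match is enough.
LOOSE="Let's Encrypt|ZeroSSL"
# Grouped: ^(Let's Encrypt|ZeroSSL)$ anchors both alternatives at both ends.
STRICT="(Let's Encrypt|ZeroSSL)"

echo "ungrouped pattern accepts: $(count_matches "$LOOSE") of 5"
echo "grouped pattern accepts:   $(count_matches "$STRICT") of 5"
```

For a monitoring check that is meant to alert on an unexpected CA, the grouped form is the one that enforces an exact issuer name.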