acme/autocert: include rejected hostname in TLS handshake error when host not configured

More informative error message enables HTTPS server configuration mistakes to be corrected quickly, since log files will now include the rejected hostname. If the hostname should be accepted, it can be added to the HostWhitelist Policy. Fixes golang/go#28345 Change-Id: I801c82f0d3b19bc34592c9cd0bce77f1b284d19d GitHub-Last-Rev: 5dfe731d73 GitHub-Pull-Request: golang/crypto#63 Reviewed-on: https://go-review.googlesource.com/c/144337 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
2018-10-24 15:56:48 +00:00 · 2018-10-24 15:56:48 +00:00 · 74cb1d3d52
--- a/acme/autocert/autocert.go
+++ b/acme/autocert/autocert.go
@ -69,7 +69,7 @@ func HostWhitelist(hosts ...string) HostPolicy {
 	}
 	return func(_ context.Context, host string) error {
 		if !whitelist[host] {
-			return errors.New("acme/autocert: host not configured")
+			return fmt.Errorf("acme/autocert: host %q not configured in HostWhitelist", host)
 		}
 		return nil
 	}