Also check when getting the cert

server/private/routers/certificates/createCertificate.ts

@@ -15,7 +15,6 @@ import { Certificate, certificates, db, domains } from "@server/db";
 import logger from "@server/logger";
 import { Transaction } from "@server/db";
 import { eq, or, and, like } from "drizzle-orm";
-import privateConfig from "#private/lib/config";
 
 /**
  * Checks if a certificate exists for the given domain.
@@ -27,10 +26,6 @@ export async function createCertificate(
     domain: string,
     trx: Transaction | typeof db
 ) {
-    if (!privateConfig.getRawPrivateConfig().flags.use_pangolin_dns) {
-        return;
-    }
-
     const [domainRecord] = await trx
         .select()
         .from(domains)

server/private/routers/certificates/getCertificate.ts

@@ -41,8 +41,9 @@ async function query(domainId: string, domain: string) {
     }
 
     let existing: any[] = [];
-    if (domainRecord.type == "ns") {
+    if (domainRecord.type == "ns" || domainRecord.type == "wildcard") { // the manual "wildcard" domains can have wildcard certs
         const domainLevelDown = domain.split(".").slice(1).join(".");
+        const wildcardPrefixed = `*.${domainLevelDown}`;
 
         existing = await db
             .select({
@@ -64,7 +65,8 @@ async function query(domainId: string, domain: string) {
                     eq(certificates.wildcard, true), // only NS domains can have wildcard certs
                     or(
                         eq(certificates.domain, domain),
-                        eq(certificates.domain, domainLevelDown)
+                        eq(certificates.domain, domainLevelDown),
+                        eq(certificates.domain, wildcardPrefixed)
                     )
                 )
             );