Fix certificate generation failure when SSL_ALT_NAME is empty

[devin-ai-integration]

Fix certificate generation failure when SSL_ALT_NAME is empty

Summary

Fixes #35. When SSL_ALT_NAME is empty or unset (e.g. users upgrading from older versions who don't have it in their docker-compose.yml), the openssl command fails with X509V3_parse_list:invalid null name because -addext "subjectAltName = " is passed with an empty value.

This adds a guard so that -addext is only included when SSL_ALT_NAME is non-empty. When it is empty, the certificate is generated without the SAN extension instead of failing.

Review & Testing Checklist for Human

• Verify in a real Docker/Sail environment without SSL_ALT_NAME defined — cert should generate successfully without the SAN extension
• Verify with SSL_ALT_NAME=DNS:localhost — cert should generate with SAN as before (no regression)
• Inspect the generated cert (openssl x509 -in server.pem -text -noout) in both cases to confirm expected extensions

Notes

• There are no automated tests for this shell script; manual Docker verification is required
• Requested by: @ryoluo
• Link to Devin run: https://app.devin.ai/sessions/34d95668212e4f198ed7fef19e05591c

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring