Enable TLS-ALPN-01 challenge for ACME
This type of challenge works purely at the TLS layer and is compatible with SNI proxies. The existing HTTP-01 challenge support has been left as-is. Fixes #1476.
parent
d9cf3f9c38
commit
b4643fd27f
1 changed files with 2 additions and 0 deletions
|
@ -26,6 +26,7 @@ import (
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"github.com/prometheus/client_golang/prometheus/promhttp"
|
"github.com/prometheus/client_golang/prometheus/promhttp"
|
||||||
|
"golang.org/x/crypto/acme"
|
||||||
"golang.org/x/crypto/acme/autocert"
|
"golang.org/x/crypto/acme/autocert"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -128,6 +129,7 @@ func startAutoCertTLSServer(server *http.Server, certDomain string, store *stora
|
||||||
}
|
}
|
||||||
server.TLSConfig = tlsConfig()
|
server.TLSConfig = tlsConfig()
|
||||||
server.TLSConfig.GetCertificate = certManager.GetCertificate
|
server.TLSConfig.GetCertificate = certManager.GetCertificate
|
||||||
|
server.TLSConfig.NextProtos = []string{"h2", "http/1.1", acme.ALPNProto}
|
||||||
|
|
||||||
// Handle http-01 challenge.
|
// Handle http-01 challenge.
|
||||||
s := &http.Server{
|
s := &http.Server{
|
||||||
|
|
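Review bot: The new `server.TLSConfig.NextProtos` assignment in startAutoCertTLSServer has no comment saying why `acme.ALPNProto` is listed, so a later tidy-up of the protocol list could silently break certificate issuance and renewal over TLS-ALPN-01. I would add `// acme.ALPNProto ("acme-tls/1") must stay in NextProtos: autocert answers TLS-ALPN-01 through GetCertificate on this listener.` directly above it. The assignment also replaces whatever NextProtos tlsConfig() may already set, which is not visible here. The certManager's HostPolicy is outside the hunk as well, so it is worth confirming that it is limited to certDomain now that challenge handshakes arrive on the main TLS port. The function's body starts and ends outside the hunk.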