Ejemplo n.º 1
Archivo: cert.go Proyecto: google/acme
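// authz obtains a valid ACME authorization for domain.
//
// It requests an authorization with client.Authorize and returns nil at once
// if the server already reports it as valid. Otherwise it selects the first
// offered challenge that matches the configured mode (dns-01 when certDNS is
// set, http-01 when it is not), fulfils that challenge, accepts it with
// client.Accept and blocks in client.WaitAuthorization until validation ends.
//
// An error is returned when the authorization request fails, when no offered
// challenge matches the configured mode, when the challenge response cannot
// be computed or published, or when accepting or waiting on the challenge
// fails.
func authz(ctx context.Context, client *acme.Client, domain string) error {
	z, err := client.Authorize(ctx, domain)
	if err != nil {
		return err
	}
	if z.Status == acme.StatusValid {
		return nil
	}
	var chal *acme.Challenge
	for _, c := range z.Challenges {
		if (c.Type == "http-01" && !certDNS) || (c.Type == "dns-01" && certDNS) {
			chal = c
			break
		}
	}
	if chal == nil {
		return errors.New("no supported challenge found")
	}

	switch {
	case certDNS:
		// Checked before certManual: when certDNS is set the challenge selected
		// above is dns-01, so it must never be answered with an http-01
		// response, even if certManual is set as well.
		val, err := client.DNS01ChallengeRecord(chal.Token)
		if err != nil {
			return err
		}
		fmt.Printf("Add a TXT record for _acme-challenge.%s with the value %q and press enter after it has propagated.\n",
			domain, val)
		// The Scanln result is deliberately ignored: it only pauses for the
		// operator. If stdin is closed the flow continues straight to Accept.
		var x string
		fmt.Scanln(&x)
	case certManual:
		// manual http-01 challenge response, published by the operator
		tok, err := client.HTTP01ChallengeResponse(chal.Token)
		if err != nil {
			return err
		}
		file, err := challengeFile(domain, tok)
		if err != nil {
			return err
		}
		fmt.Printf("Copy %s to http://%s%s and press enter.\n",
			file, domain, client.HTTP01ChallengePath(chal.Token))
		// Same best-effort pause as in the DNS branch.
		var x string
		fmt.Scanln(&x)
	default:
		// auto, via local server
		val, err := client.HTTP01ChallengeResponse(chal.Token)
		if err != nil {
			return err
		}
		path := client.HTTP01ChallengePath(chal.Token)

		// Bind certAddr only in this mode. The DNS and manual modes never
		// serve anything locally, so they should neither open a network port
		// nor fail because the address is unavailable.
		ln, err := net.Listen("tcp", certAddr)
		if err != nil {
			return fmt.Errorf("listen %s: %v", certAddr, err)
		}
		// Closing the listener when authz returns also ends http.Serve below,
		// so the port is open only for the duration of the validation.
		defer ln.Close()
		// NOTE(review): http.Serve applies no read/write timeouts and its
		// error is dropped; presumably acceptable for a short-lived challenge
		// responder, confirm http01Handler answers only the challenge path.
		go http.Serve(ln, http01Handler(path, val))
	}

	if _, err := client.Accept(ctx, chal); err != nil {
		return fmt.Errorf("accept challenge: %v", err)
	}
	_, err = client.WaitAuthorization(ctx, z.URI)
	return err
}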