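// authz obtains an ACME authorization for domain and completes one of its
// challenges: dns-01 when certDNS is set, otherwise http-01. The http-01
// response is either served from a local listener bound to certAddr (the
// default) or, when certManual is set, written to a file that the operator
// publishes by hand.
//
// The listener is opened only in the automatic http-01 mode. The manual and
// dns-01 paths never use it, so binding certAddr there (as the earlier
// version did) could fail needlessly when the port is busy and exposed an
// unused socket for the whole run. It stays open until WaitAuthorization
// returns, since the ACME server may fetch the token at any point before the
// authorization is final.
//
// Returns nil when the authorization is already valid or becomes valid;
// otherwise the first client, I/O or listen error encountered.
func authz(ctx context.Context, client *acme.Client, domain string) error {
	z, err := client.Authorize(ctx, domain)
	if err != nil {
		return err
	}
	if z.Status == acme.StatusValid {
		return nil
	}

	chal := pickChallenge(z.Challenges)
	if chal == nil {
		return errors.New("no supported challenge found")
	}

	switch {
	case certManual:
		// Manual http-01: the operator copies the token file to their web server.
		tok, err := client.HTTP01ChallengeResponse(chal.Token)
		if err != nil {
			return err
		}
		file, err := challengeFile(domain, tok)
		if err != nil {
			return err
		}
		fmt.Printf("Copy %s to http://%s%s and press enter.\n", file, domain, client.HTTP01ChallengePath(chal.Token))
		waitForEnter()
	case certDNS:
		val, err := client.DNS01ChallengeRecord(chal.Token)
		if err != nil {
			return err
		}
		fmt.Printf("Add a TXT record for _acme-challenge.%s with the value %q and press enter after it has propagated.\n", domain, val)
		waitForEnter()
	default:
		// Automatic http-01: answer the challenge from a local listener.
		val, err := client.HTTP01ChallengeResponse(chal.Token)
		if err != nil {
			return err
		}
		ln, err := net.Listen("tcp", certAddr)
		if err != nil {
			return fmt.Errorf("listen %s: %v", certAddr, err)
		}
		// Closing the listener on return also terminates the Serve goroutine,
		// so it does not outlive the authorization it was started for.
		defer ln.Close()
		path := client.HTTP01ChallengePath(chal.Token)
		go http.Serve(ln, http01Handler(path, val))
	}

	if _, err := client.Accept(ctx, chal); err != nil {
		return fmt.Errorf("accept challenge: %v", err)
	}
	_, err = client.WaitAuthorization(ctx, z.URI)
	return err
}

// pickChallenge returns the first challenge matching the configured mode
// (dns-01 when certDNS is set, http-01 otherwise), or nil if none is offered.
func pickChallenge(challenges []*acme.Challenge) *acme.Challenge {
	want := "http-01"
	if certDNS {
		want = "dns-01"
	}
	for _, c := range challenges {
		if c.Type == want {
			return c
		}
	}
	return nil
}

// waitForEnter blocks until the operator presses enter on stdin.
func waitForEnter() {
	var x string
	// The input itself is irrelevant; only the newline matters, so the
	// Scanln result is deliberately ignored (an empty line returns an error).
	fmt.Scanln(&x)
}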