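newACMEClient creates a new underlying ACME client using the settings in am (the ACMEIssuer receiver, named iss in the code below), independent of any particular ACME account. If useTestCA is true and am.TestCA is set, the client's directory is pointed at the test CA; otherwise, including when useTestCA is true but no TestCA is configured, the primary CA will be used.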
(useTestCA bool)
| 169 | // independent of any particular ACME account. If useTestCA is true, am.TestCA |
| 170 | // will be used if it is set; otherwise, the primary CA will be used. |
| 171 | func (iss *ACMEIssuer) newACMEClient(useTestCA bool) (*acmez.Client, error) { |
| 172 | client, err := iss.newBasicACMEClient() |
| 173 | if err != nil { |
| 174 | return nil, err |
| 175 | } |
| 176 | |
| 177 | // fill in a little more beyond a basic client |
| 178 | if useTestCA && iss.TestCA != "" { |
| 179 | client.Client.Directory = iss.TestCA |
| 180 | } |
| 181 | certObtainTimeout := iss.CertObtainTimeout |
| 182 | if certObtainTimeout == 0 { |
| 183 | certObtainTimeout = DefaultACME.CertObtainTimeout |
| 184 | } |
| 185 | client.Client.PollTimeout = certObtainTimeout |
| 186 | client.ChallengeSolvers = make(map[string]acmez.Solver) |
| 187 | |
| 188 | // configure challenges (most of the time, DNS challenge is |
| 189 | // exclusive of other ones because it is usually only used |
| 190 | // in situations where the default challenges would fail) |
| 191 | if iss.DNS01Solver == nil { |
| 192 | // enable HTTP-01 challenge |
| 193 | if !iss.DisableHTTPChallenge { |
| 194 | var solver acmez.Solver = &httpSolver{ |
| 195 | handler: iss.HTTPChallengeHandler(http.NewServeMux()), |
| 196 | address: net.JoinHostPort(iss.ListenHost, strconv.Itoa(iss.getHTTPPort())), |
| 197 | } |
| 198 | if !iss.DisableDistributedSolvers { |
| 199 | solver = distributedSolver{ |
| 200 | storage: iss.config.Storage, |
| 201 | storageKeyIssuerPrefix: iss.storageKeyCAPrefix(client.Directory), |
| 202 | solver: solver, |
| 203 | } |
| 204 | } |
| 205 | client.ChallengeSolvers[acme.ChallengeTypeHTTP01] = solver |
| 206 | } |
| 207 | |
| 208 | // enable TLS-ALPN-01 challenge |
| 209 | if !iss.DisableTLSALPNChallenge { |
| 210 | var solver acmez.Solver = &tlsALPNSolver{ |
| 211 | config: iss.config, |
| 212 | address: net.JoinHostPort(iss.ListenHost, strconv.Itoa(iss.getTLSALPNPort())), |
| 213 | } |
| 214 | if !iss.DisableDistributedSolvers { |
| 215 | solver = distributedSolver{ |
| 216 | storage: iss.config.Storage, |
| 217 | storageKeyIssuerPrefix: iss.storageKeyCAPrefix(client.Directory), |
| 218 | solver: solver, |
| 219 | } |
| 220 | } |
| 221 | client.ChallengeSolvers[acme.ChallengeTypeTLSALPN01] = solver |
| 222 | } |
| 223 | } else { |
| 224 | // use DNS challenge exclusively |
| 225 | client.ChallengeSolvers[acme.ChallengeTypeDNS01] = iss.DNS01Solver |
| 226 | } |
| 227 | |
| 228 | // wrap solvers in our wrapper so that we can keep track of challenge |
no test coverage detected