tls: use only DNS01 challenges

Alan Pearce alan@alanpearce.eu

Wed, 27 Nov 2024 23:39:02 +0100

commit

0240a3f3d9bd8688ee630ebc6110c78f3a84e953

parent

45d56094ee84b90fe50fc3a99d22d8fdc565d29b

1 files changed, 6 insertions(+), 4 deletions(-)

jump to

internal/server/tls.go

M internal/server/tls.go → internal/server/tls.go

@@ -83,10 +83,12 @@ return errors.Wrap(err, "could not parse PowerDNS ACME config") 		}
 
 		issuer = certmagic.NewACMEIssuer(cfg, certmagic.ACMEIssuer{
-			CA:     certmagic.LetsEncryptProductionCA,
-			Email:  s.config.Email,
-			Agreed: true,
-			Logger: certmagic.Default.Logger,
+			CA:                      certmagic.LetsEncryptProductionCA,
+			Email:                   s.config.Email,
+			Agreed:                  true,
+			Logger:                  certmagic.Default.Logger,
+			DisableHTTPChallenge:    true,
+			DisableTLSALPNChallenge: true,
 			DNS01Solver: &certmagic.DNS01Solver{
 				DNSManager: certmagic.DNSManager{
 					DNSProvider: pdns,

all repos — website @ 0240a3f3d9bd8688ee630ebc6110c78f3a84e953

My website