From b4643fd27f19d10fab2fbadb4fca3c83b960d4e0 Mon Sep 17 00:00:00 2001
From: mutantmonkey
Date: Fri, 1 Jul 2022 19:32:28 -0700
Subject: [PATCH] Enable TLS-ALPN-01 challenge for ACME

This type of challenge works purely at the TLS layer and is compatible with SNI proxies. The existing HTTP-01 challenge support has been left as-is.

Fixes #1476.
---
 service/httpd/httpd.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/service/httpd/httpd.go b/service/httpd/httpd.go
index c4464b51..a0bcab30 100644
--- a/service/httpd/httpd.go
+++ b/service/httpd/httpd.go
@@ -26,6 +26,7 @@ import (

 "github.com/gorilla/mux"
 "github.com/prometheus/client_golang/prometheus/promhttp"
+ "golang.org/x/crypto/acme"
 "golang.org/x/crypto/acme/autocert"
 )

@@ -128,6 +129,7 @@ func startAutoCertTLSServer(server *http.Server, certDomain string, store *stora
 }
 server.TLSConfig = tlsConfig()
 server.TLSConfig.GetCertificate = certManager.GetCertificate
+ server.TLSConfig.NextProtos = []string{"h2", "http/1.1", acme.ALPNProto}

 // Handle http-01 challenge.
 s := &http.Server{
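Review bot: The added `NextProtos` line in startAutoCertTLSServer carries no comment, unlike the `// Handle http-01 challenge.` block right below it, so someone trimming the protocol list later has no hint that removing `acme.ALPNProto` silently disables TLS-ALPN-01 validation. I would put `// Advertise acme-tls/1 so certManager.GetCertificate can answer TLS-ALPN-01 validation handshakes on this listener.` above it. The assignment also replaces, rather than extends, whatever protocol list `tlsConfig()` returns; that helper is not visible in this hunk, so it is worth confirming it sets no NextProtos of its own that this line would discard. The function body starts and ends outside the hunk.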