also configure acme validation with http-01, and fix a bug that caused tls cert refresh at startup to not always run

we already do acme tls-alpn-01 validation, and still require it (we could relax this at some point). http-01 is easy to add. the bug was that the list of acme managers and hosts to refresh was overwritten by another listener. the listeners are a map, and we range over it, so the order we handle them is random. if the public listener was handled first, and an internal handler later, the list was reset again.
2025-07-10 07:14:40 +03:00 · 2023-03-10 17:55:37 +01:00
parent f60ad1452f
commit bddc8e4062
3 changed files with 28 additions and 15 deletions
--- a/autotls/autotls_test.go
+++ b/autotls/autotls_test.go
@ -36,6 +36,9 @@ func TestAutotls(t *testing.T) {
 	if err := m.HostPolicy(context.Background(), "mox.example"); err != nil {
 		t.Fatalf("hostpolicy, got err %v, expected no error", err)
 	}
+	if err := m.HostPolicy(context.Background(), "mox.example:80"); err != nil {
+		t.Fatalf("hostpolicy, got err %v, expected no error", err)
+	}
 	if err := m.HostPolicy(context.Background(), "other.mox.example"); err == nil || !errors.Is(err, errHostNotAllowed) {
 		t.Fatalf("hostpolicy, got err %v, expected errHostNotAllowed", err)
 	}