diff --git a/acme/tls_sni_challenge.go b/acme/tls_sni_challenge.go
index c36f6acc..34383cbf 100644
--- a/acme/tls_sni_challenge.go
+++ b/acme/tls_sni_challenge.go
@@ -40,12 +40,12 @@ func (t *tlsSNIChallenge) Solve(chlng challenge, domain string) error {
 	return t.validate(t.jws, domain, chlng.URI, challenge{Resource: "challenge", Type: chlng.Type, Token: chlng.Token, KeyAuthorization: keyAuth})
 }
 
-// TLSSNI01ChallengeCert returns a certificate for the `tls-sni-01` challenge
-func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
+// TLSSNI01ChallengeCert returns a certificate and target domain for the `tls-sni-01` challenge
+func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, string, error) {
 	// generate a new RSA key for the certificates
 	tempPrivKey, err := generatePrivateKey(RSA2048)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}
 	rsaPrivKey := tempPrivKey.(*rsa.PrivateKey)
 	rsaPrivPEM := pemEncode(rsaPrivKey)
@@ -55,13 +55,13 @@ func TLSSNI01ChallengeCert(keyAuth string) (tls.Certificate, error) {
 	domain := fmt.Sprintf("%s.%s.acme.invalid", z[:32], z[32:])
 	tempCertPEM, err := generatePemCert(rsaPrivKey, domain)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}
 
 	certificate, err := tls.X509KeyPair(tempCertPEM, rsaPrivPEM)
 	if err != nil {
-		return tls.Certificate{}, err
+		return tls.Certificate{}, "", err
 	}
 
-	return certificate, nil
+	return certificate, domain, nil
 }
diff --git a/acme/tls_sni_challenge_server.go b/acme/tls_sni_challenge_server.go
index faaf16f6..df00fbb5 100644
--- a/acme/tls_sni_challenge_server.go
+++ b/acme/tls_sni_challenge_server.go
@@ -30,7 +30,7 @@ func (s *TLSProviderServer) Present(domain, token, keyAuth string) error {
 		s.port = "443"
 	}
 
-	cert, err := TLSSNI01ChallengeCert(keyAuth)
+	cert, _, err := TLSSNI01ChallengeCert(keyAuth)
 	if err != nil {
 		return err
 	}
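Review bot: The new doc comment on `TLSSNI01ChallengeCert` says "target domain" but does not tell a caller what that string is for, and since this is an exported function whose signature has just changed (every existing external caller now fails to compile), this is the moment to spell out the contract. The value returned is the `<z[:32]>.<z[32:]>.acme.invalid` name the certificate is generated for in the second hunk of this file, i.e. the server name the ACME validator is expected to present via SNI so a provider can pick this certificate; how `z` is derived from keyAuth is outside the hunk, so I would not state the hash in the comment. I would write the comment as: `// TLSSNI01ChallengeCert returns a self-signed certificate for the tls-sni-01 challenge together with the SNI name (<z[:32]>.<z[32:]>.acme.invalid) it was issued for; a provider must serve this certificate when a TLS client requests that name.` The same three-value early returns appear in the second hunk (@@ -55) and need no separate change; note that the unchecked `tempPrivKey.(*rsa.PrivateKey)` assertion in the context lines still panics rather than returning an error if `generatePrivateKey` ever yields a non-RSA key, which is pre-existing but worth a `key, ok :=` check while the returns are being touched.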
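Review bot: `cert, _, err := TLSSNI01ChallengeCert(keyAuth)` in `TLSProviderServer.Present` discards the SNI name this very commit added, with no comment explaining why the built-in server does not need it. The rest of `Present` is outside the hunk, so I cannot see how `cert` is served; if the server hands out this single certificate for any requested ServerName, that is the thing to say, e.g. `cert, _, err := TLSSNI01ChallengeCert(keyAuth) // SNI name unused: this server presents the one challenge cert regardless of ServerName`. If instead the server can hold several challenge certificates at once, the name should be kept and used to select the certificate by `hello.ServerName` in a `GetCertificate` callback, otherwise a validator for one domain can be answered with another domain's certificate and the challenge fails.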