From a8fabd007ffb92dc9c886826b1b3ac543e2b6288 Mon Sep 17 00:00:00 2001
From: Scott Knight <4534275+knightsc@users.noreply.github.com>
Date: Fri, 10 Aug 2018 12:26:46 -0400
Subject: [PATCH 1/2] Add http-01 support to the Let's Encrypt mechanism.

Since the autocert.Manager is always created regardless of whether Let's Encrypt is being used or not I opted to always wrap the HTTP redirect handler with the autocert.Manager HTTPHandler. This means that port 80 will always be available to handle a Let's Encrypt challenge as well as do the redirect.

This should get Let's Encrypt support functioning again since tls-sni-02 and tls-sni-01 were deprecated.
---
 httputil/httputil.go | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/httputil/httputil.go b/httputil/httputil.go
index f2ba452..8bcaad4 100644
--- a/httputil/httputil.go
+++ b/httputil/httputil.go
@@ -267,11 +267,7 @@ func ListenAndServe(opts ...Option) error {
 errs <- (&http.Server{
 ReadTimeout: 5 * time.Second,
 WriteTimeout: 5 * time.Second,
- Handler: http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
- w.Header().Set("Connection", "close")
- url := "https://" + req.Host + req.URL.String()
- http.Redirect(w, req, url, http.StatusMovedPermanently)
- }),
+ Handler: m.HTTPHandler(http.HandlerFunc(redirect)),
 }).ListenAndServe()
 }()
 }
@@ -279,6 +275,12 @@ func ListenAndServe(opts ...Option) error {
 return <-errs
 }
 
+func redirect(w http.ResponseWriter, req *http.Request) {
+ w.Header().Set("Connection", "close")
+ url := "https://" + req.Host + req.URL.String()
+ http.Redirect(w, req, url, http.StatusMovedPermanently)
+}
+
 // tlsProfile represents a collection of TLS CipherSuites and their compatibility with Web Browsers.
 // The different profile types are defined on the Mozilla wiki: https://wiki.mozilla.org/Security/Server_Side_TLS
 type tlsProfile int

From 178158e9a38dda273ee139d9f00905614b6cd3ca Mon Sep 17 00:00:00 2001
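Review bot: The line `Handler: m.HTTPHandler(http.HandlerFunc(redirect)),` encodes a deliberate decision — the autocert handler is installed on port 80 even when Let's Encrypt is not in use — that is explained only in the commit message, so it should carry a comment such as `// Wrap the redirect in the autocert handler so port 80 can answer ACME http-01 challenges; every other request falls through to the HTTPS redirect.` One consequence worth stating there is that requests under the ACME challenge path are answered by the manager and never reach the fallback, so a deployment cannot serve its own challenge responses through this listener. The 5-second ReadTimeout/WriteTimeout on this server now also bound the challenge exchange, which looks adequate for http-01 but is an implicit assumption. ListenAndServe starts and ends outside the hunk.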
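Review bot: `redirect` builds the Location from `req.Host`, which is whatever the client supplied in its Host header or absolute-form request line, so the 301 points wherever the client asked rather than at this server's configured name; now that the autocert manager is in scope in the caller, validating the host against the manager's HostPolicy (or a configured hostname) before redirecting and answering 400 otherwise would close that gap cheaply. The function also has no doc comment; suggest `// redirect answers a plain-HTTP request with a 301 to the same host and path over HTTPS and asks the client to close the connection.` The hunk is self-contained.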
From: Scott Knight <4534275+knightsc@users.noreply.github.com>
Date: Mon, 13 Aug 2018 08:09:27 -0400
Subject: [PATCH 2/2] fixup! Add http-01 support to the Let's Encrypt mechanism.

---
 httputil/httputil.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/httputil/httputil.go b/httputil/httputil.go
index 8bcaad4..8f4c94d 100644
--- a/httputil/httputil.go
+++ b/httputil/httputil.go
@@ -262,7 +262,7 @@ func ListenAndServe(opts ...Option) error {
 errs <- server.Serve(ln)
 }()
 
- if redirectHTTPS {
+ if redirectHTTPS || config.TLSConfig.GetCertificate != nil {
 go func() {
 errs <- (&http.Server{
 ReadTimeout: 5 * time.Second,
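Review bot: `config.TLSConfig.GetCertificate != nil` dereferences `config.TLSConfig` with no nil check; where `config` is populated is outside the hunk, so if a TLS-less configuration leaves that pointer nil, a line that previously only read a bool now panics, and `if redirectHTTPS || (config.TLSConfig != nil && config.TLSConfig.GetCertificate != nil) {` is the safer form. The widened condition also opens the port-80 listener — and the HTTPS redirect it serves for every non-challenge request — when the caller did not ask for `redirectHTTPS`, presumably the Let's Encrypt case; that deserves a comment on the line, e.g. `// Port 80 must also be open when a certificate getter is configured, because the ACME http-01 challenge arrives over plain HTTP.` ListenAndServe continues outside the hunk on both sides.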