tls-sni disabled on LetsEncrypt

[SilverCory]

http: TLS handshake error from 82.34.xxx.xxx:55065: acme/autocert: unable to authorize "xxx.xxx.xxx"; tried ["tls-sni-02" "tls-sni-01"]

[deepch]

Also does not work.

[SilverCory]

@deepch it won't because tls-sni is disabled on letsencrypt's end, you have to use http-01

You can do this in a manner similar to below

	m := &autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(panel.Config.Web.DomainNames[0:]...),
	}
	dir := cacheDir()
	fmt.Println("Using cache: ", dir)
	if err := os.MkdirAll(dir, 0700); err != nil {
		log.Printf("warning: autocert.NewListener not using a cache: %v", err)
	} else {
		m.Cache = autocert.DirCache(dir)
	}
	go http.ListenAndServe(":http", m.HTTPHandler(nil))
	return autotls.RunWithManager(panel.GinInstance, *m)

[deepch]

this method redirect http to https I need pure :80 and https ;(

[SilverCory]

@deepch you can turn of the redirect by supplying a handler in m.HTTPHandler(...)

[deepch]

thx I run it

	m := &autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist(panel.Config.Web.DomainNames[0:]...),
	}
	dir := cacheDir()
	fmt.Println("Using cache: ", dir)
	if err := os.MkdirAll(dir, 0700); err != nil {
		log.Printf("warning: autocert.NewListener not using a cache: %v", err)
	} else {
		m.Cache = autocert.DirCache(dir)
	}
	go http.ListenAndServe(":http", m.HTTPHandler(panel.GinInstance))
	return autotls.RunWithManager(panel.GinInstance, *m)

if use go http.ListenAndServe(":http", m.HTTPHandler(nil)) <--- nil work as redirect
if use go http.ListenAndServe(":http", m.HTTPHandler(panel.GinInstance)) <--- panel.GinInstance work as http and cert receive no problem

thx you.

[appleboy]

See #26