Merge "pk-web: enable TLS-ALPN-01 for Lets Encrypt"

2019-02-24 16:47:59 +00:00 · 2019-02-24 16:47:59 +00:00 · 78362dc1c0
parent 2a85cb7142 b46cc46d5d
commit 78362dc1c0
2 changed files with 3 additions and 3 deletions
--- a/pkg/webserver/webserver.go
+++ b/pkg/webserver/webserver.go
@ -194,6 +194,8 @@ func (s *Server) Listen(addr string) error {
 		}
 		if s.tlsCertFile == "" && s.certManager != nil {
 			config.GetCertificate = s.certManager
+			// TODO(mpl): see if we can instead use
+			// https://godoc.org/golang.org/x/crypto/acme/autocert#Manager.TLSConfig
 			config.NextProtos = append(config.NextProtos, alpnProto)
 			s.listener = tls.NewListener(s.listener, config)
 			return nil
--- a/website/pk-web/pkweb.go
+++ b/website/pk-web/pkweb.go
@ -1036,9 +1036,7 @@ func serve(httpServer *http.Server, onHTTPError func(error)) error {
 	if *adminEmail != "" {
 		m.Email = *adminEmail
 	}
-	httpsServer.TLSConfig = &tls.Config{
-		GetCertificate: m.GetCertificate,
-	}
+	httpsServer.TLSConfig = m.TLSConfig()
 	log.Printf("Listening for HTTPS on %v", *httpsAddr)
 	ln, err := net.Listen("tcp", *httpsAddr)
 	if err != nil {