diff --git a/acme/authority.go b/acme/authority.go
index edd4e171..b1d13c5b 100644
--- a/acme/authority.go
+++ b/acme/authority.go
@@ -372,7 +372,7 @@ func (a *Authority) validate(ch challenge, jwk *jose.JSONWebKey) (challenge, err
 dialer := &net.Dialer{
 Timeout: 30 * time.Second,
 }
- return ch.validate(jwk, validateOptions{
+ return ch.clone().morph().validate(jwk, validateOptions{
 httpGet: client.Get,
 lookupTxt: net.LookupTXT,
 tlsDial: func(network, addr string, config *tls.Config) (*tls.Conn, error) {
diff --git a/acme/challenge.go b/acme/challenge.go
index 8af68328..e2e9b16d 100644
--- a/acme/challenge.go
+++ b/acme/challenge.go
@@ -291,6 +291,19 @@ func unmarshalChallenge(data []byte) (challenge, error) {
 }
 }
 
+func (bc *baseChallenge) morph() challenge {
+ switch bc.getType() {
+ case "dns-01":
+ return &dns01Challenge{bc}
+ case "http-01":
+ return &http01Challenge{bc}
+ case "tls-alpn-01":
+ return &tlsALPN01Challenge{bc}
+ default:
+ panic("unrecognized challenge type: " + bc.getType())
+ }
+}
+
 // Challenge retry information is internally relevant and needs to be stored in the DB, but should not be part
 // of the public challenge API apart from the Retry-After header.
 type Retry struct {
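Review bot: The new return line in `Authority.validate` chains `ch.clone().morph().validate(...)` with no comment saying why validation now runs on a re-typed copy instead of on `ch`. The chain also only compiles if `clone()` returns a `*baseChallenge`, which is not visible in this hunk. I would add a line above the return such as `// Validate a copy wrapped in its concrete challenge type, so the type-specific validate runs and ch itself is left untouched.` That rationale is inferred from the method names, so the wording should be adjusted to the actual intent. The body of `validate` starts and ends outside this hunk.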
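Review bot: The `default` branch of `morph` panics on an unrecognized challenge type, and the acme/authority.go hunk now calls it on the validation path of `Authority.validate`, which already returns an error. A challenge record with an unexpected type would then abort the request, or the whole process if nothing recovers, instead of failing validation cleanly. I would change the signature to `func (bc *baseChallenge) morph() (challenge, error)`, return an error from `default` built the way this file builds its other errors, and check it at the call site before calling `validate`. The function also needs a doc comment stating that each wrapper embeds the same `bc` pointer and so aliases the receiver, which is presumably why the caller clones first.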