From 7717294d9e3289ce981fb73ccc1364544f59967b Mon Sep 17 00:00:00 2001 From: xenolf Date: Mon, 9 Nov 2015 18:41:27 +0100 Subject: [PATCH] Add fallback to SimpleHTTP bind in case domain:port is not bindable. --- acme/simple_http_challenge.go | 6 +++++- acme/simple_http_challenge_test.go | 4 ++-- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/acme/simple_http_challenge.go b/acme/simple_http_challenge.go index cab45f11..cf6ddafb 100644 --- a/acme/simple_http_challenge.go +++ b/acme/simple_http_challenge.go @@ -126,7 +126,11 @@ func (s *simpleHTTPChallenge) startHTTPSServer(domain string, token string) (net tlsListener, err := tls.Listen("tcp", domain+port, tlsConf) if err != nil { - return nil, err + // if the domain:port bind failed, fall back to :port bind and try that instead. + tlsListener, err = tls.Listen("tcp", port, tlsConf) + if err != nil { + return nil, err + } } jsonBytes, err := json.Marshal(challenge{Type: "simpleHttp", Token: token, TLS: true}) diff --git a/acme/simple_http_challenge_test.go b/acme/simple_http_challenge_test.go index 5c0d460e..95924d92 100644 --- a/acme/simple_http_challenge_test.go +++ b/acme/simple_http_challenge_test.go @@ -24,9 +24,9 @@ func TestSimpleHTTPNonRootBind(t *testing.T) { if err := solver.Solve(clientChallenge, "127.0.0.1"); err == nil { t.Error("BIND: Expected Solve to return an error but the error was nil.") } else { - expectedError := "Could not start HTTPS server for challenge -> listen tcp 127.0.0.1:443: bind: permission denied" + expectedError := "Could not start HTTPS server for challenge -> listen tcp :443: bind: permission denied" if err.Error() != expectedError { - t.Errorf("Expected error %s but instead got %s", expectedError, err.Error()) + t.Errorf("Expected error \"%s\" but instead got \"%s\"", expectedError, err.Error()) } } }