Allow the user to override the challenge port. Enables running as non-root.

acme/client.go

@@ -46,7 +46,7 @@ type Client struct {
 }
 
 // NewClient creates a new client for the set user.
-func NewClient(caURL string, usr User) *Client {
+func NewClient(caURL string, usr User, optPort string) *Client {
 	if err := usr.GetPrivateKey().Validate(); err != nil {
 		logger().Fatalf("Could not validate the private account key of %s -> %v", usr.GetEmail(), err)
 	}

cli.go

@@ -94,10 +94,6 @@ func main() {
 			Value: "https://www.letsencrypt-demo.org/acme/new-reg",
 			Usage: "CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client.",
 		},
-		cli.StringFlag{
-			Name:  "authkey, k",
-			Usage: "Path to the authorized key file",
-		},
 		cli.StringFlag{
 			Name:  "email, m",
 			Usage: "Email used for registration and recovery contact.",
@@ -120,6 +116,10 @@ func main() {
 			Usage: "Directory to use for storing the data",
 			Value: defaultPath,
 		},
+		cli.StringFlag{
+			Name:  "port",
+			Usage: "Challenges will use this port to listen on. Please make sure to forward port 443 to this port on your machine. Otherwise use setcap on the binary",
+		},
 	}
 
 	app.Run(os.Args)

cli_handlers.go

@@ -30,7 +30,7 @@ func run(c *cli.Context) {
 	}
 
 	acc := NewAccount(c.GlobalString("email"), conf)
-	client := acme.NewClient(c.GlobalString("server"), acc)
+	client := acme.NewClient(c.GlobalString("server"), acc, conf.OptPort())
 	if acc.Registration == nil {
 		reg, err := client.Register()
 		if err != nil {

configuration.go

@@ -24,6 +24,10 @@ func (c *Configuration) RsaBits() int {
 	return c.context.GlobalInt("rsa-key-size")
 }
 
+func (c *Configuration) OptPort() string {
+	return c.context.GlobalString("port")
+}
+
 // ServerPath returns the OS dependent path to the data for a specific CA
 func (c *Configuration) ServerPath() string {
 	srv, _ := url.Parse(c.context.GlobalString("server"))