From 9bb5589e17964bfbfb4d25d204a6bb4e10bef3b2 Mon Sep 17 00:00:00 2001
From: Ludovic Fernandez
Date: Sun, 1 Jul 2018 01:12:36 +0200
Subject: [PATCH] feat: CA Server Name. (#590)
---
 acme/http.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/acme/http.go b/acme/http.go
index a0637a0c..8d7ee51e 100644
--- a/acme/http.go
+++ b/acme/http.go
@@ -34,7 +34,8 @@ var (
 ResponseHeaderTimeout: 15 * time.Second,
 ExpectContinueTimeout: 1 * time.Second,
 TLSClientConfig: &tls.Config{
- RootCAs: initCertPool(),
+ ServerName: os.Getenv(caServerNameEnvVar),
+ RootCAs: initCertPool(),
 },
 },
 }
@@ -53,6 +54,12 @@ const (
 // authenticate an ACME server with a HTTPS certificate not issued by a CA in
 // the system-wide trusted root list.
 caCertificatesEnvVar = "LEGO_CA_CERTIFICATES"
+
+ // caServerNameEnvVar is the environment variable name that can be used to
+ // specify the CA server name that can be used to
+ // authenticate an ACME server with a HTTPS certificate not issued by a CA in
+ // the system-wide trusted root list.
+ caServerNameEnvVar = "LEGO_CA_SERVER_NAME"
 )
 
 // initCertPool creates a *x509.CertPool populated with the PEM certificates
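Review bot: Setting `ServerName` on the shared transport's `tls.Config` replaces the per-request host as the name verified against the server certificate (and sent as SNI), so once LEGO_CA_SERVER_NAME is set every HTTPS host reached through this client is checked against that one name instead of its own. Whether non-ACME endpoints also go through this client is not visible in the hunk, so the field deserves a comment such as `// ServerName overrides the name verified against the server certificate for every host this client contacts; empty keeps per-host verification.` The value is read once, when the package-level `var (` block (which opens outside the hunk) is initialised, so later changes to the environment have no effect. It would also help to document that the override is intended to be used together with LEGO_CA_CERTIFICATES, so that it is not combined with the system-wide roots by accident.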
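Review bot: The doc comment on `caServerNameEnvVar` repeats the `caCertificatesEnvVar` wording and never says what the variable does, which is to override the host name the TLS client verifies in the ACME server's certificate. I would replace it with `// caServerNameEnvVar is the environment variable name that can be used to override the` / `// server name the HTTP client verifies in the ACME server's TLS certificate.` It is worth adding that an unset or empty value leaves the default per-host verification in place. The `const (` block opens outside the hunk.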