From 9350fb4aefa74f3e65ed2f24afc800c60ef92f01 Mon Sep 17 00:00:00 2001
From: Michael Cross <mc@xi2.org>
Date: Sun, 7 Feb 2016 13:25:31 +0000
Subject: [PATCH] http-01 challenge: disable TCP connection reuse

If TCP connection reuse (KeepAlives) are left on then, in a sequence
of challenges arising from a multiple-domain certficate, challenges
after the 1st can fail due to reusing the now defunct tcp connection
used in the first challenge. This has been observed when using the Go
standard library reverse proxy to forward the challenges to Lego.

Fixes #107
---
 acme/http_challenge_server.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/acme/http_challenge_server.go b/acme/http_challenge_server.go
index 7597e437..33882236 100644
--- a/acme/http_challenge_server.go
+++ b/acme/http_challenge_server.go
@@ -58,6 +58,12 @@ func (s *httpChallengeServer) serve(domain, token, keyAuth string) {
 		}
 	})
 
-	http.Serve(s.listener, mux)
+	httpServer := &http.Server{
+		Handler: mux,
+	}
+	// Once httpServer is shut down we don't want any lingering
+	// connections, so disable KeepAlives.
+	httpServer.SetKeepAlivesEnabled(false)
+	httpServer.Serve(s.listener)
 	s.done <- true
 }