feat: rework acme config format

app/cmd/server.go

@@ -6,12 +6,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"github.com/libdns/cloudflare"
-	"github.com/libdns/duckdns"
-	"github.com/libdns/gandi"
-	"github.com/libdns/godaddy"
-	"github.com/libdns/namedotcom"
-	"github.com/libdns/vultr"
 	"net"
 	"net/http"
 	"net/http/httputil"
@@ -22,6 +16,12 @@ import (
 	"time"
 
 	"github.com/caddyserver/certmagic"
+	"github.com/libdns/cloudflare"
+	"github.com/libdns/duckdns"
+	"github.com/libdns/gandi"
+	"github.com/libdns/godaddy"
+	"github.com/libdns/namedotcom"
+	"github.com/libdns/vultr"
 	"github.com/mholt/acmez/acme"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -85,19 +85,36 @@ type serverConfigTLS struct {
 }
 
 type serverConfigACME struct {
+	// Common fields
 	Domains    []string `mapstructure:"domains"`
 	Email      string   `mapstructure:"email"`
 	CA         string   `mapstructure:"ca"`
+	ListenHost string   `mapstructure:"listenHost"`
+	Dir        string   `mapstructure:"dir"`
+
+	// Type selection
+	Type string               `mapstructure:"type"`
+	HTTP serverConfigACMEHTTP `mapstructure:"http"`
+	TLS  serverConfigACMETLS  `mapstructure:"tls"`
+	DNS  serverConfigACMEDNS  `mapstructure:"dns"`
+
+	// Legacy fields for backwards compatibility
+	// Only applicable when Type is empty
 	DisableHTTP    bool `mapstructure:"disableHTTP"`
 	DisableTLSALPN bool `mapstructure:"disableTLSALPN"`
-	ListenHost     string                      `mapstructure:"listenHost"`
 	AltHTTPPort    int  `mapstructure:"altHTTPPort"`
 	AltTLSALPNPort int  `mapstructure:"altTLSALPNPort"`
-	DNSProvider    serverConfigACMEDNSProvider `mapstructure:"dnsProvider"`
-	Dir            string                      `mapstructure:"dir"`
 }
 
-type serverConfigACMEDNSProvider struct {
+type serverConfigACMEHTTP struct {
+	AltPort int `mapstructure:"altPort"`
+}
+
+type serverConfigACMETLS struct {
+	AltPort int `mapstructure:"altPort"`
+}
+
+type serverConfigACMEDNS struct {
 	Name   string            `mapstructure:"name"`
 	Config map[string]string `mapstructure:"config"`
 }
@@ -306,11 +323,7 @@ func (c *serverConfig) fillTLSConfig(hyConfig *server.Config) error {
 		cmIssuer := certmagic.NewACMEIssuer(cmCfg, certmagic.ACMEIssuer{
 			Email:      c.ACME.Email,
 			Agreed:     true,
-			DisableHTTPChallenge:    c.ACME.DisableHTTP,
-			DisableTLSALPNChallenge: c.ACME.DisableTLSALPN,
 			ListenHost: c.ACME.ListenHost,
-			AltHTTPPort:             c.ACME.AltHTTPPort,
-			AltTLSALPNPort:          c.ACME.AltTLSALPNPort,
 			Logger:     logger,
 		})
 		switch strings.ToLower(c.ACME.CA) {
@@ -325,51 +338,80 @@ func (c *serverConfig) fillTLSConfig(hyConfig *server.Config) error {
 			}
 			cmIssuer.ExternalAccount = eab
 		default:
-			return configError{Field: "acme.ca", Err: errors.New("unknown CA")}
+			return configError{Field: "acme.ca", Err: errors.New("unsupported CA")}
 		}
 
-		if c.ACME.DNSProvider.Name != "" && c.ACME.DNSProvider.Config != nil {
+		switch strings.ToLower(c.ACME.Type) {
-			switch strings.ToLower(c.ACME.DNSProvider.Name) {
+		case "http":
+			cmIssuer.DisableHTTPChallenge = false
+			cmIssuer.DisableTLSALPNChallenge = true
+			cmIssuer.DNS01Solver = nil
+			cmIssuer.AltHTTPPort = c.ACME.HTTP.AltPort
+		case "tls":
+			cmIssuer.DisableHTTPChallenge = true
+			cmIssuer.DisableTLSALPNChallenge = false
+			cmIssuer.DNS01Solver = nil
+			cmIssuer.AltTLSALPNPort = c.ACME.TLS.AltPort
+		case "dns":
+			cmIssuer.DisableHTTPChallenge = true
+			cmIssuer.DisableTLSALPNChallenge = true
+			if c.ACME.DNS.Name == "" {
+				return configError{Field: "acme.dns.name", Err: errors.New("empty DNS provider name")}
+			}
+			if c.ACME.DNS.Config == nil {
+				return configError{Field: "acme.dns.config", Err: errors.New("empty DNS provider config")}
+			}
+			switch strings.ToLower(c.ACME.DNS.Name) {
 			case "cloudflare":
 				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
 					DNSProvider: &cloudflare.Provider{
-						APIToken: c.ACME.DNSProvider.Config["cloudflare_api_token"],
+						APIToken: c.ACME.DNS.Config["cloudflare_api_token"],
 					},
 				}
 			case "duckdns":
 				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
 					DNSProvider: &duckdns.Provider{
-						APIToken:       c.ACME.DNSProvider.Config["duckdns_api_token"],
+						APIToken:       c.ACME.DNS.Config["duckdns_api_token"],
-						OverrideDomain: c.ACME.DNSProvider.Config["duckdns_override_domain"],
+						OverrideDomain: c.ACME.DNS.Config["duckdns_override_domain"],
 					},
 				}
 			case "gandi":
 				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
 					DNSProvider: &gandi.Provider{
-						BearerToken: c.ACME.DNSProvider.Config["gandi_api_token"],
+						BearerToken: c.ACME.DNS.Config["gandi_api_token"],
 					},
 				}
 			case "godaddy":
 				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
 					DNSProvider: &godaddy.Provider{
-						APIToken: c.ACME.DNSProvider.Config["godaddy_api_token"],
+						APIToken: c.ACME.DNS.Config["godaddy_api_token"],
 					},
 				}
 			case "namedotcom":
 				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
 					DNSProvider: &namedotcom.Provider{
-						Token:  c.ACME.DNSProvider.Config["namedotcom_token"],
+						Token:  c.ACME.DNS.Config["namedotcom_token"],
-						User:   c.ACME.DNSProvider.Config["namedotcom_user"],
+						User:   c.ACME.DNS.Config["namedotcom_user"],
-						Server: c.ACME.DNSProvider.Config["namedotcom_server"],
+						Server: c.ACME.DNS.Config["namedotcom_server"],
 					},
 				}
 			case "vultr":
 				cmIssuer.DNS01Solver = &certmagic.DNS01Solver{
 					DNSProvider: &vultr.Provider{
-						APIToken: c.ACME.DNSProvider.Config["vultr_api_token"],
+						APIToken: c.ACME.DNS.Config["vultr_api_token"],
 					},
 				}
+			default:
+				return configError{Field: "acme.dns.name", Err: errors.New("unsupported DNS provider")}
 			}
+		case "":
+			// Legacy compatibility mode
+			cmIssuer.DisableHTTPChallenge = c.ACME.DisableHTTP
+			cmIssuer.DisableTLSALPNChallenge = c.ACME.DisableTLSALPN
+			cmIssuer.AltHTTPPort = c.ACME.AltHTTPPort
+			cmIssuer.AltTLSALPNPort = c.ACME.AltTLSALPNPort
+		default:
+			return configError{Field: "acme.type", Err: errors.New("unsupported ACME type")}
 		}
 
 		cmCfg.Issuers = []certmagic.Issuer{cmIssuer}

app/cmd/server_test.go

@@ -36,17 +36,26 @@ func TestServerConfig(t *testing.T) {
 			},
 			Email:      "haha@cringe.net",
 			CA:         "zero",
+			ListenHost: "127.0.0.9",
+			Dir:        "random_dir",
+			Type:       "dns",
+			HTTP: serverConfigACMEHTTP{
+				AltPort: 8888,
+			},
+			TLS: serverConfigACMETLS{
+				AltPort: 44333,
+			},
+			DNS: serverConfigACMEDNS{
+				Name: "gomommy",
+				Config: map[string]string{
+					"key1": "value1",
+					"key2": "value2",
+				},
+			},
 			DisableHTTP:    true,
 			DisableTLSALPN: true,
-			AltHTTPPort:    9980,
+			AltHTTPPort:    8080,
-			AltTLSALPNPort: 9443,
+			AltTLSALPNPort: 4433,
-			Dir:            "random_dir",
-			DNSProvider: serverConfigACMEDNSProvider{
-				Name: "cloudflare",
-				Config: map[string]string{
-					"cloudflare_api_token": "xxxxxxxxxx",
-				},
-			},
 		},
 		QUIC: serverConfigQUIC{
 			InitStreamReceiveWindow:     77881,

app/cmd/server_test.yaml

@@ -15,15 +15,22 @@ acme:
     - sub2.example.com
   email: haha@cringe.net
   ca: zero
+  listenHost: 127.0.0.9
+  dir: random_dir
+  type: dns
+  http:
+    altPort: 8888
+  tls:
+    altPort: 44333
+  dns:
+    name: gomommy
+    config:
+      key1: value1
+      key2: value2
   disableHTTP: true
   disableTLSALPN: true
-  altHTTPPort: 9980
+  altHTTPPort: 8080
-  altTLSALPNPort: 9443
+  altTLSALPNPort: 4433
-  dir: random_dir
-  dnsProvider:
-    name: "cloudflare"
-    config:
-      cloudflare_api_token: "xxxxxxxxxx"
 
 quic:
   initStreamReceiveWindow: 77881