Add support for ACME_CHALLENGE_DIR environment variable

Author: chr4

cmd/acme/cert.go

@@ -21,6 +21,7 @@ import (
 	"io/ioutil"
 	"net"
 	"net/http"
+	"os"
 	"path/filepath"
 	"time"
 
@@ -167,14 +168,18 @@ func authz(client *acme.Client, zurl, domain string) error {
 	if certManual {
 		// manual challenge response
 		tok := fmt.Sprintf("%s.%s", chal.Token, acme.JWKThumbprint(&client.Key.PublicKey))
-		file, err := challengeFile(domain, tok)
+		file, err := challengeFile(chal.Token, domain, tok)
 		if err != nil {
 			return err
 		}
-		fmt.Printf("Copy %s to ROOT/.well-known/acme-challenge/%s of %s and press enter.\n",
-			file, chal.Token, domain)
-		var x string
-		fmt.Scanln(&x)
+
+		// If ACME_CHALLENGE_DIR is not set, ask user to move challenge file manually
+		if os.Getenv("ACME_CHALLENGE_DIR") == "" {
+			fmt.Printf("Copy %s to ROOT/.well-known/acme-challenge/%s of %s and press enter.\n",
+				file, chal.Token, domain)
+			var x string
+			fmt.Scanln(&x)
+		}
 	} else {
 		// auto, via local server
 		go http.Serve(ln, client.HTTP01Handler(chal.Token))
@@ -215,11 +220,27 @@ func pollCert(url string) [][]byte {
 	}
 }
 
-func challengeFile(domain, content string) (string, error) {
-	f, err := ioutil.TempFile("", domain)
+func challengeFile(challengeFilename, domain, content string) (string, error) {
+	// If ACME_CHALLENGE_DIR is set, place the challenge into it.
+	// Otherwise, create a temporary file
+	var f *os.File
+	var err error
+	if os.Getenv("ACME_CHALLENGE_DIR") != "" {
+		// Create .well-known directory
+		challengeDir := filepath.Join(os.Getenv("ACME_CHALLENGE_DIR"), ".well-known/acme-challenge")
+		err = os.MkdirAll(challengeDir, 0755)
+		if err != nil {
+			return "", err
+		}
+
+		f, err = os.Create(filepath.Join(challengeDir, challengeFilename))
+	} else {
+		f, err = ioutil.TempFile("", domain)
+	}
 	if err != nil {
 		return "", err
 	}
+
 	_, err = fmt.Fprint(f, content)
 	if err1 := f.Close(); err1 != nil && err == nil {
 		err = err1