From d42d0c78208168f4f8936d742979a22d18cc9253 Mon Sep 17 00:00:00 2001
From: jonne
Date: Sun, 22 Feb 2026 21:47:44 +0100
Subject: [PATCH] changed file
---
 pkg/services/ApplyCert.go | 79 ++++++++++++++++++++++++++++++++-------
 1 file changed, 65 insertions(+), 14 deletions(-)
diff --git a/pkg/services/ApplyCert.go b/pkg/services/ApplyCert.go
index 00bea50..a4588a0 100644
--- a/pkg/services/ApplyCert.go
+++ b/pkg/services/ApplyCert.go
@@ -24,9 +24,11 @@ type MyUser struct {
 func (u *MyUser) GetEmail() string {
 return u.Email
 }
+
 func (u *MyUser) GetRegistration() *registration.Resource {
 return u.Registration
 }
+
 func (u *MyUser) GetPrivateKey() crypto.PrivateKey {
 return u.key
 }
@@ -34,50 +36,99 @@ func (u *MyUser) GetPrivateKey() crypto.PrivateKey { func ApplyCert(domains []string, email, dir string, provider challenge.Provider) bool { privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { - logger.Error.Printf("Error requesting certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) + logger.Error.Printf( + "Error requesting certificate for %s%s%s: %s%s%s", + logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset, + ) return true } + myUser := MyUser{ Email: email, key: privateKey, } + config := lego.NewConfig(&myUser) config.Certificate.KeyType = certcrypto.RSA2048 + client, err := lego.NewClient(config) if err != nil { - logger.Error.Printf("Error requesting certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) - return true - } - err = client.Challenge.SetDNS01Provider(provider) - if err != nil { - logger.Error.Printf("Error requesting certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) + logger.Error.Printf( + "Error requesting certificate for %s%s%s: %s%s%s", + logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset, + ) return true } - reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true}) + // ===================================================== + // 🔒 FORCE DNS-01 ONLY — DISABLE ALL OTHER CHALLENGES + // ===================================================== + client.Challenge.RemoveHTTP01Provider() + client.Challenge.RemoveTLSALPN01Provider() + + err = client.Challenge.SetDNS01Provider(provider) if err != nil { - logger.Error.Printf("Error requesting certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) + logger.Error.Printf( + "Error requesting certificate for %s%s%s: %s%s%s", + logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset, + ) return 
true } + + // ===================================================== + + reg, err := client.Registration.Register( + registration.RegisterOptions{TermsOfServiceAgreed: true}, + ) + if err != nil { + logger.Error.Printf( + "Error requesting certificate for %s%s%s: %s%s%s", + logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset, + ) + return true + } + myUser.Registration = reg + request := certificate.ObtainRequest{ Domains: domains, Bundle: true, } + certificates, err := client.Certificate.Obtain(request) if err != nil { - logger.Error.Printf("Error requesting certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) + logger.Error.Printf( + "Error requesting certificate for %s%s%s: %s%s%s", + logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset, + ) return true } - err = os.WriteFile(filepath.Join(dir, domains[0]+".crt"), certificates.Certificate, os.ModePerm) + + err = os.WriteFile( + filepath.Join(dir, domains[0]+".crt"), + certificates.Certificate, + os.ModePerm, + ) if err != nil { - logger.Error.Printf("Error saving certificate for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) + logger.Error.Printf( + "Error saving certificate for %s%s%s: %s%s%s", + logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset, + ) return true } - err = os.WriteFile(filepath.Join(dir, domains[0]+".key"), certificates.PrivateKey, os.ModePerm) + + err = os.WriteFile( + filepath.Join(dir, domains[0]+".key"), + certificates.PrivateKey, + os.ModePerm, + ) if err != nil { - logger.Error.Printf("Error saving certificate key for %s%s%s: %s%s%s", logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset) + logger.Error.Printf( + "Error saving certificate key for %s%s%s: %s%s%s", + logger.Cyan, domains, logger.Reset, logger.Red, err, logger.Reset, + ) return true } + return false }
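Review bot: The private key is still written with `os.ModePerm` (0777) in the last `os.WriteFile` call of `ApplyCert`, so after the process umask the `.key` file is typically readable by every local account. The reformatted call should pass an owner-only mode such as `0o600`, and the `.crt` write just above it can use `0o644`. Separately, I could not confirm that `RemoveHTTP01Provider` and `RemoveTLSALPN01Provider` exist on lego's solver manager. The removal call I know of is `client.Challenge.Remove(challenge.HTTP01)` (and the same with `challenge.TLSALPN01`), and a freshly created client appears to have no solvers registered anyway, so please verify these two lines against the lego version in go.mod.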