From b6016b9cc4ebdd4dfae2892de812ffee16079a6c Mon Sep 17 00:00:00 2001
From: Seo Suchan <tjtncks@gmail.com>
Date: Thu, 1 Feb 2024 14:32:14 +0900
Subject: [PATCH] actually make new challange types for wildcard

---
 wfe/wfe.go | 25 ++++++++++---------------
 1 file changed, 10 insertions(+), 15 deletions(-)

diff --git a/wfe/wfe.go b/wfe/wfe.go
index 0cc45535..14cd557b 100644
--- a/wfe/wfe.go
+++ b/wfe/wfe.go
@@ -1585,31 +1585,26 @@ func (wfe *WebFrontEndImpl) makeChallenge(
 // is required to make the challenge URL's absolute based on the request host
 func (wfe *WebFrontEndImpl) makeChallenges(authz *core.Authorization, request *http.Request) error {
 	var chals []*core.Challenge
-
-	// Authorizations for a wildcard identifier only get a DNS-01 challenges to
+	var enabledChallenges []string
+	// Authorizations for a wildcard identifier only get a DNS baseed challenges to
 	// match Boulder/Let's Encrypt wildcard issuance policy
 	if strings.HasPrefix(authz.Identifier.Value, "*.") {
-		chal, err := wfe.makeChallenge(acme.ChallengeDNS01, authz, request)
-		if err != nil {
-			return err
-		}
-		chals = []*core.Challenge{chal}
+		enabledChallenges = []string{acme.ChallengeDNS01, acme.ChallengeDNSACCOUNT01}
 	} else {
 		// IP addresses get HTTP-01 and TLS-ALPN challenges
-		var enabledChallenges []string
 		if authz.Identifier.Type == acme.IdentifierIP {
 			enabledChallenges = []string{acme.ChallengeHTTP01, acme.ChallengeTLSALPN01}
 		} else {
 			// Non-wildcard, non-IP identifier authorizations get all of the enabled challenge types
-			enabledChallenges = []string{acme.ChallengeHTTP01, acme.ChallengeTLSALPN01, acme.ChallengeDNS01}
+			enabledChallenges = []string{acme.ChallengeHTTP01, acme.ChallengeTLSALPN01, acme.ChallengeDNS01, acme.ChallengeDNSACCOUNT01}
 		}
-		for _, chalType := range enabledChallenges {
-			chal, err := wfe.makeChallenge(chalType, authz, request)
-			if err != nil {
-				return err
-			}
-			chals = append(chals, chal)
+	}
+	for _, chalType := range enabledChallenges {
+		chal, err := wfe.makeChallenge(chalType, authz, request)
+		if err != nil {
+			return err
 		}
+		chals = append(chals, chal)
 	}
 
 	// Lock the authorization for writing to update the challenges