author | techknowlogick <techknowlogick@gitea.io> | 2021-01-24 18:37:35 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-25 01:37:35 +0200 |
commit | d2ea21d0d8103986b2ce53c17b7b99b1ce6828b0 (patch) | |
tree | 802ea1a787b1f6ef08b18524d3818115a750f0eb /vendor/github.com/libdns | |
parent | bc05ddc0ebd6fdc826ef2beec99304bac60ddd8a (diff) | |
Use caddy's certmagic library for extensible/robust ACME handling (#14177)
* use certmagic for more extensible/robust ACME cert handling
* accept TOS based on config option
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Diffstat (limited to 'vendor/github.com/libdns')
-rw-r--r-- | vendor/github.com/libdns/libdns/.gitignore | 1 | ||||
-rw-r--r-- | vendor/github.com/libdns/libdns/LICENSE | 21 | ||||
-rw-r--r-- | vendor/github.com/libdns/libdns/README.md | 48 | ||||
-rw-r--r-- | vendor/github.com/libdns/libdns/go.mod | 3 | ||||
-rw-r--r-- | vendor/github.com/libdns/libdns/libdns.go | 85 |
5 files changed, 158 insertions, 0 deletions
diff --git a/vendor/github.com/libdns/libdns/.gitignore b/vendor/github.com/libdns/libdns/.gitignore new file mode 100644 index 0000000000..fbd281d14e --- /dev/null +++ b/vendor/github.com/libdns/libdns/.gitignore @@ -0,0 +1 @@ +_gitignore/ diff --git a/vendor/github.com/libdns/libdns/LICENSE b/vendor/github.com/libdns/libdns/LICENSE new file mode 100644 index 0000000000..ac7653fbd2 --- /dev/null +++ b/vendor/github.com/libdns/libdns/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2020 Matthew Holt + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/vendor/github.com/libdns/libdns/README.md b/vendor/github.com/libdns/libdns/README.md new file mode 100644 index 0000000000..e0ed429029 --- /dev/null +++ b/vendor/github.com/libdns/libdns/README.md 
@@ -0,0 +1,48 @@ +libdns - Universal DNS provider APIs for Go +=========================================== + +<a href="https://pkg.go.dev/github.com/libdns/libdns"><img src="https://img.shields.io/badge/godoc-reference-blue.svg"></a> + +`libdns` is a collection of free-range DNS provider client implementations written in Go! With libdns packages, your Go program can manage DNS records across any supported providers. + +**⚠️ Work-in-progress. Exported APIs are subject to change. More documentation is coming soon.** + +This repository defines the core interfaces that providers should implement. They are small and idiomatic Go interfaces with well-defined semantics. + +The interfaces include: + +- `RecordGetter` to list records. +- `RecordAppender` to append new records. +- `RecordSetter` to set (create or change existing) records. +- `RecordDeleter` to delete records. + + +## Implementing new providers + +Providers are 100% written and maintained by the community! We all maintain just the packages for providers we use. + +**[Instructions for adding new providers](https://github.com/libdns/libdns/wiki/Implementing-providers)** are on this repo's wiki. Please feel free to contribute. + + +## Similar projects + +**[OctoDNS](https://github.com/github/octodns)** is a suite of tools written in Python for managing DNS. However, its approach is a bit heavy-handed when all you need are small, incremental changes to a zone: + +> WARNING: OctoDNS assumes ownership of any domain you point it to. When you tell it to act it will do whatever is necessary to try and match up states including deleting any unexpected records. Be careful when playing around with OctoDNS. + +This is incredibly useful when you are maintaining your own zone file, but risky when you just need incremental changes. 
+ +**[StackExchange/dnscontrol](https://github.com/StackExchange/dnscontrol)** is written in Go, but is similar to OctoDNS in that it tends to obliterate your entire zone and replace it with your input. Again, this is very useful if you are maintaining your own master list of records, but doesn't do well for simply adding or removing records. + +**[go-acme/lego](https://github.com/go-acme/lego)** has support for a huge number of DNS providers (75+!), but their APIs are only capable of setting and deleting TXT records for ACME challenges. + +**`libdns`** takes inspiration from the above projects but aims for a more generally-useful set of APIs that homogenize pretty well across providers. In contrast to the above projects, libdns can add, set, delete, and get arbitrary records from a zone without obliterating it (although syncing up an entire zone is also possible!). Its APIs also include context so long-running calls can be cancelled early, for example to accommodate on-line config changes downstream. libdns interfaces are also smaller and more composable. Additionally, libdns can grow to support a nearly infinite number of DNS providers without added bloat, because each provider implementation is a separate Go module, which keeps your builds lean and fast. + +In summary, the goal is that libdns providers can do what the above libraries/tools can do, but with more flexibility: they can create and delete TXT records for ACME challenges, they can replace entire zones, but they can also do incremental changes or simply read records. + + +## Record abstraction + +How records are represented across providers varies widely, and each kind of record has different fields and semantics. In time, our goal is for the `libdns.Record` type to be able to represent most of them as concisely and simply as possible, with the interface methods able to deliver on most of the possible zone operations. 
+ +Realistically, libdns should enable most common record manipulations, but may not be able to fit absolutely 100% of all possibilities with DNS in a provider-agnostic way. That is probably OK; and given the wide varieties in DNS record types and provider APIs, it would be unreasonable to expect otherwise. We are not aiming for 100% fulfillment of 100% of users' requirements; more like 100% fulfillment of ~90% of users' requirements. diff --git a/vendor/github.com/libdns/libdns/go.mod b/vendor/github.com/libdns/libdns/go.mod new file mode 100644 index 0000000000..252849506b --- /dev/null +++ b/vendor/github.com/libdns/libdns/go.mod @@ -0,0 +1,3 @@ +module github.com/libdns/libdns + +go 1.14 diff --git a/vendor/github.com/libdns/libdns/libdns.go b/vendor/github.com/libdns/libdns/libdns.go new file mode 100644 index 0000000000..26920e66db --- /dev/null +++ b/vendor/github.com/libdns/libdns/libdns.go 
@@ -0,0 +1,85 @@ +// Package libdns defines the core interfaces that should be implemented +// by DNS provider clients. They are small and idiomatic Go interfaces with +// well-defined semantics. +// +// All interface implementations must be safe for concurrent/parallel use. +// For example, if AppendRecords() is called at the same time and two API +// requests are made to the provider at the same time, the result of both +// requests must be visible after they both complete; if the provider does +// not synchronize the writing of the zone file and one request overwrites +// the other, then the client implementation must take care to synchronize +// on behalf of the incompetent provider. This synchronization need not be +// global, for example: the scope of synchronization might only need to be +// within the same zone, allowing multiple requests at once as long as all +// of them are for different zones. (Exact logic depends on the provider.) +package libdns + +import ( + "context" + "time" +) + +// RecordGetter can get records from a DNS zone. +type RecordGetter interface { + // GetRecords returns all the records in the DNS zone. + // + // Implementations must honor context cancellation and be safe for + // concurrent use. + GetRecords(ctx context.Context, zone string) ([]Record, error) +} + +// RecordAppender can non-destructively add new records to a DNS zone. +type RecordAppender interface { + // AppendRecords creates the requested records in the given zone + // and returns the populated records that were created. It never + // changes existing records. + // + // Implementations must honor context cancellation and be safe for + // concurrent use. + AppendRecords(ctx context.Context, zone string, recs []Record) ([]Record, error) +} + +// RecordSetter can set new or update existing records in a DNS zone. +type RecordSetter interface { + // SetRecords updates the zone so that the records described in the + // input are reflected in the output. 
It may create or overwrite + // records or -- depending on the record type -- delete records to + // maintain parity with the input. No other records are affected. + // It returns the records which were set. + // + // Records that have an ID associating it with a particular resource + // on the provider will be directly replaced. If no ID is given, this + // method may use what information is given to do lookups and will + // ensure that only necessary changes are made to the zone. + // + // Implementations must honor context cancellation and be safe for + // concurrent use. + SetRecords(ctx context.Context, zone string, recs []Record) ([]Record, error) +} + +// RecordDeleter can delete records from a DNS zone. +type RecordDeleter interface { + // DeleteRecords deletes the given records from the zone if they exist. + // It returns the records that were deleted. + // + // Records that have an ID to associate it with a particular resource on + // the provider will be directly deleted. If no ID is given, this method + // may use what information is given to do lookups and delete only + // matching records. + // + // Implementations must honor context cancellation and be safe for + // concurrent use. + DeleteRecords(ctx context.Context, zone string, recs []Record) ([]Record, error) +} + +// Record is a generalized representation of a DNS record. +type Record struct { + // provider-specific metadata + ID string + + // general record fields + Type string + Name string + Value string + TTL time.Duration +} |
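Review bot: The banner line of the vendored README.md says "Work-in-progress. Exported APIs are subject to change", so this dependency needs to be pinned to an exact version rather than tracked loosely. This diff is limited to vendor/github.com/libdns, so the top-level go.mod and vendor/modules.txt entries are not visible here; please confirm they record a specific libdns version, and that future bumps of certmagic are reviewed for changes to the RecordGetter, RecordAppender, RecordSetter and RecordDeleter signatures.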
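Review bot: In libdns.go, the Record struct at the end of the hunk leaves Name undocumented beyond "general record fields", and none of the method comments say whether the zone argument or Record.Name is fully qualified, relative to the zone, or expected to carry a trailing dot. For ACME DNS challenges a mismatch here puts the TXT record under the wrong name and validation fails without an obvious error, so the convention should be documented upstream or at our call site. Related: DeleteRecords says that with no ID it "may use what information is given to do lookups and delete only matching records", which leaves the match criteria to each provider; cleanup code should pass back the populated records returned by AppendRecords so the ID is set and only the record we created is removed.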