fix workarounds

.woodpecker/build.yml

@@ -124,8 +124,6 @@ steps:
 services:
   pebble_acme:
     image: ghcr.io/letsencrypt/pebble:2.6.0
-    ports:
-      - 14000 # ACME port
     environment:
       PEBBLE_VA_NOSLEEP: '1'
       PEBBLE_VA_ALWAYS_VALID: '1'

integration/main_test.go

@@ -34,7 +34,7 @@ func TestMain(m *testing.M) {
 
 func startServer(ctx context.Context) error {
 	args := []string{"integration"}
-	setEnvIfNotSet("ACME_API", "https://acme.mock.directory")
+	setEnvIfNotSet("ACME_API", "https://localhost:14000/dir")
 	setEnvIfNotSet("PAGES_DOMAIN", "localhost.mock.directory")
 	setEnvIfNotSet("RAW_DOMAIN", "raw.localhost.mock.directory")
 	setEnvIfNotSet("PAGES_BRANCHES", "pages,main,master")

server/acme/client.go

@@ -3,6 +3,7 @@ package acme
 import (
 	"errors"
 	"fmt"
+	"strings"
 
 	"codeberg.org/codeberg/pages/config"
 	"codeberg.org/codeberg/pages/server/cache"
@@ -13,8 +14,8 @@ var ErrAcmeMissConfig = errors.New("ACME client has wrong config")
 
 func CreateAcmeClient(cfg config.ACMEConfig, enableHTTPServer bool, challengeCache cache.ICache) (*certificates.AcmeClient, error) {
 	// check config
-	if (!cfg.AcceptTerms || (cfg.DNSProvider == "" && !cfg.NoDNS01)) && cfg.APIEndpoint != "https://acme.mock.directory" {
+	if (!cfg.AcceptTerms || (cfg.DNSProvider == "" && !cfg.NoDNS01)) && (cfg.APIEndpoint != "https://acme.mock.directory" || strings.HasPrefix(cfg.APIEndpoint, "https://localhost")) {
-		return nil, fmt.Errorf("%w: you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER or $NO_DNS_01, unless $ACME_API is set to https://acme.mock.directory", ErrAcmeMissConfig)
+		return nil, fmt.Errorf("%w: you must set $ACME_ACCEPT_TERMS and $DNS_PROVIDER or $NO_DNS_01, unless $ACME_API is set to https://acme.mock.directory or starts with https://localhost", ErrAcmeMissConfig)
 	}
 	if cfg.EAB_HMAC != "" && cfg.EAB_KID == "" {
 		return nil, fmt.Errorf("%w: ACME_EAB_HMAC also needs ACME_EAB_KID to be set", ErrAcmeMissConfig)