Attempt to fix DNS fulfillment for the wildcard case

dns_challenge.go

@@ -87,8 +87,16 @@ func (d *dnsValidator) client() *dns.Client {
 }
 
 func (d *dnsValidator) Fulfill(ctx context.Context, client *acme.Client, domain string, chal *acme.Challenge) (func(), error) {
+	domain = strings.TrimPrefix(domain, "*.")
+
+	zone, err := publicsuffix.EffectiveTLDPlusOne(domain)
+	if err != nil {
+		return nil, fmt.Errorf("could not determine effective tld: %w", err)
+	}
+
+	zone = dns.Fqdn(zone)
 	fqdn := dns.Fqdn(domain)
-	zone := domain[strings.Index(fqdn, ".")+1:]
+
 	value, err := client.DNS01ChallengeRecord(chal.Token)
 	if err != nil {
 		return nil, err

go.mod

@@ -7,6 +7,7 @@ require (
 	git.autistici.org/ai3/tools/replds v0.0.0-20230923170339-b6e6e3cc032b
 	github.com/miekg/dns v1.1.50
 	github.com/prometheus/client_golang v1.12.2
-	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
+	golang.org/x/crypto v0.23.0
+	golang.org/x/net v0.25.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1
 )