devapp: add acme.ALPNProto to NextProtos

We need to add this manually in order to enable the tls-alpn-01
challenge, since we're using GetCertificate directly instead of
via Manager.TLSConfig. We also don't have the http-01 challenge
enabled (HTTPHandler isn't being used), so this is the only way
for a Let's Encrypt certificate to be acquired now that tls-sni-*
challenges have been deprecated.

In the future, this code can probably be simplified by using
higher-level APIs of autocert, but this fixes the immediate issue.

Updates golang/go#32272

Change-Id: Ia72bca3e44bc585b0dfe5c7bcd3e4f544272d1ab
Reviewed-on: https://go-review.googlesource.com/c/build/+/179097
Reviewed-by: Brad Fitzpatrick <[email protected]>

Author: dmitshur

devapp/devapp.go

@@ -24,6 +24,7 @@ import (
 
 	"cloud.google.com/go/storage"
 	"golang.org/x/build/autocertcache"
+	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/acme/autocert"
 	"golang.org/x/net/http2"
 )
@@ -134,7 +135,10 @@ func serveAutocertTLS(h http.Handler, bucket string) error {
 	}
 	config := &tls.Config{
 		GetCertificate: m.GetCertificate,
-		NextProtos:     []string{"h2", "http/1.1"},
+		NextProtos: []string{
+			"h2", "http/1.1", // enable HTTP/2
+			acme.ALPNProto, // enable tls-alpn ACME challenges
+		},
 	}
 	tlsLn := tls.NewListener(tcpKeepAliveListener{ln.(*net.TCPListener)}, config)
 	server := &http.Server{