Use Manager.HTTPHandler for automatic TLS support.

This is needed since the recent removal of the TLS-SNI challenge types.
https://community.letsencrypt.org/t/tls-sni-challenges-disabled-for-most-new-issuance/50316
The HTTP-01 challenge type requires an additional listener on port 80.

broker/broker.go

@@ -260,6 +260,10 @@ func main() {
 			HostPolicy: autocert.HostWhitelist(acmeHostnames...),
 			Email:      acmeEmail,
 		}
+		go func() {
+			log.Printf("Starting HTTP-01 listener")
+			log.Fatal(http.ListenAndServe(":80",  certManager.HTTPHandler(nil)))
+		}()
 
 		server.TLSConfig = &tls.Config{GetCertificate: certManager.GetCertificate}
 		err = server.ListenAndServeTLS("", "")