The core of this post is just one line:
http.Handle("/.well-known/acme-challenge/", http.FileServer(http.FileSystem(http.Dir("/tmp/letsencrypt/"))))
// or
serveMux.Handle("/.well-known/acme-challenge/", http.FileServer(http.FileSystem(http.Dir("/tmp/letsencrypt/"))))
You set up the official Let’s Encrypt client with the webroot authenticator pointing to /tmp/letsencrypt, and your existing server will respond to the challenges.
(That’s the options --webroot --webroot-path /tmp/letsencrypt .)