TLS

[HalosGhost]

At the moment (as mentioned in #6), we are serving exclusively over HTTP.

So, it looks like we now have a reasonable option:

• [x] https://github.com/lpereira/lwan/issues/243
• [x] implement a small lwan instance:
  • [x] serve files (without indexing) on /.well-known/acme-challenge
  • [x] redirect all other paths to https://halosgho.st
  • [x] listen on 8080 and redirect traffic from 80 with nftables
• [x] move current lwan instance to 8443 (traffic redirected via varnish/hitch from 443 using settings derived from mozilla's TLS config generator)
• [x] leverage kristapsdz/acme-client-portable for the LE challenge
  • [x] Setup auto-renew once it has been determined to be functional

[HalosGhost]

Auto-renewal has been enabled via 0368b7c.

That brings this issue to a close (though, we have not yet actually seen auto-renewal function, all indications are that it should work).