golang / go

The Go programming language
https://go.dev
BSD 3-Clause "New" or "Revised" License

x/crypto/acme/autocert: Hooks for "CertAcquired", "CertRenewed" #21224

Open prologic opened 7 years ago

prologic commented 7 years ago

My use case for ACME / LetsEncrypt is to set up a TLS listener that isn't an HTTP/HTTPS endpoint, e.g. IRC, or something else.

The code in x/crypto/acme/autocert doesn't make it very obvious how one can identify whether a cert was successfully acquired or renewed. The only solution I've come up with in poking at this is to "watch" for changes to the file system with a file-system implementation of the Cache interface.

Is this something we can add or is there a more recommended way to handle this?

odeke-em commented 7 years ago

/cc @x1ddos @bradfitz

x1ddos commented 7 years ago

Somehow this feels closely related to #19800: hooks/logs for some event such as renew or a failure.

prologic commented 7 years ago

I did notice the title of that issue when filing this, but at first glance it wasn't quite what I was describing here. The way I see this working now is:

// autocert.NewListener obtains the certificate and serves TLS for this HTTP mux only.
mux := http.NewServeMux()
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, "Hello, TLS user! Your config: %+v", r.TLS)
})
log.Fatal(http.Serve(autocert.NewListener("example.com"), mux))

But if this isn't even the server you're trying to set up a TLS listener for, then you need a way to figure out when the challenge/response completed successfully so you can "borrow" that cert to use in your real TLS listener.
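The hook asked for here can be layered on the Cache interface mentioned above instead of watching the file system: autocert stores every certificate it obtains or renews through Cache.Put, so a wrapper around the real cache sees each acquisition. This is an added example, not code from the thread or from x/crypto: the local Cache interface is assumed to match autocert.Cache (it does today), the cache key names and PEM layout follow autocert's cache behaviour, and SelfSignedPEM only constructs test input.

```go
package main
import (
	"context"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"math/big"
	"time"
)

// Cache repeats autocert.Cache method for method (assumption: kept in sync with x/crypto), so CertHookCache satisfies autocert.Cache and can be assigned to autocert.Manager.Cache.
type Cache interface {
	Get(ctx context.Context, key string) ([]byte, error)
	Put(ctx context.Context, key string, data []byte) error
	Delete(ctx context.Context, key string) error
}
// CertHookCache wraps a backing Cache such as autocert.DirCache: Get and Delete pass through, and every Put whose payload carries a certificate (acquired or renewed) also calls OnCert.
type CertHookCache struct {
	Cache
	OnCert func(key string, leaf *x509.Certificate)
}
func (h CertHookCache) Put(ctx context.Context, key string, data []byte) error {
	if err := h.Cache.Put(ctx, key, data); err != nil {
		return err
	}
	if leaf := LeafCert(data); leaf != nil && h.OnCert != nil {
		h.OnCert(key, leaf)
	}
	return nil
}
// LeafCert returns the first certificate in the PEM bundle autocert stores (private key, then chain) or nil; account keys and http-01 tokens, which autocert also caches, contain none.
func LeafCert(data []byte) *x509.Certificate {
	for b, rest := pem.Decode(data); b != nil; b, rest = pem.Decode(rest) {
		if c, err := x509.ParseCertificate(b.Bytes); b.Type == "CERTIFICATE" && err == nil {
			return c
		}
	}
	return nil
}
// SelfSignedPEM builds a constructed key+cert bundle in autocert's layout (test input only).
func SelfSignedPEM(names []string, notAfter time.Time) []byte {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: names, NotAfter: notAfter}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &k.PublicKey, k)
	kb, _ := x509.MarshalECPrivateKey(k)
	return append(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: kb}),
		pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
}
```

Set Manager.Cache to CertHookCache{Cache: autocert.DirCache("certs"), OnCert: ...} and give the same Manager's GetCertificate to the tls.Config of the non-HTTP listener; the hook then fires on first issuance and on every renewal.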

x1ddos commented 7 years ago

Then maybe just using golang.org/x/crypto/acme could be simpler in your case? Autocert was designed specifically to aid TLS listeners.