I mean, you absolutely can load the certificates and spin up a TLS server, but afaict there's no easy way to reload them once they are renewed. The documentation says that you must not change tls.Config. How would you do this?
评论:
nhooyr:
captncraig:There is a callback function
GetCertificate
in tls.Config
Vonney:Yeah, I believe https://github.com/xenolf/lego has an example for using their library this way.
captncraig:I'd look at the source of Caddy.
fighterjet-biceps:Or use caddy as a proxy in front of your go app. That's what I do.
v1rous:I solved this problem by serving my app behind nginx. The problem of managing certs is made less painful and you're given access to nginx's excellent feature set for caching and load balancing.
pyratzu:Haven't taken the time to look into baking HTTPS into a go app. However, IMO an nginx proxy is the right tool for this job.
I made package that will handle updated lets encrypt cents
go get -u github.com/CossackPyra/pyrahttp
pyrahttp.ListenAndServeLetsEncrypt(":7544", "/home/user/cert/game01.example.com/fullchain.pem", "/home/user/cert/game01.example.com/privkey.pem, nil)
Post in Russian language https://habrahabr.ru/post/274749/
I will try to make English post tomorrow.
I plan to release more code we use to handle lets encrypt in production with our game servers