Support ACME certificate refresh without restart #1332

@slicedpan

Description

Please describe your feature request:

My reading of the code and documentation suggests that the only way to get a new TLS cert using ACME/letsencrypt is to stop and restart the server. This feature request is to provide a way of refreshing the certificate without needing to do that. There are two ways I can think of that would meet this use case:

  1. Have some way of telling the server to initiate a new ACME request and update the certificate accordingly. Perhaps this doesn't need interaction with the server, as the lifetime of the certificate is known, so this could be automated. Let's Encrypt recommends refreshing after 60 days for a 90-day cert length.
  2. When specifying an existing cert instead of letting the server retrieve one using ACME, have some functionality for reloading it from disk.

Describe the use case of this feature:

  1. The primary use case for this feature is to enable long running servers that don't require periodic restart in order to keep the TLS cert valid

I'd also be interested to know how the publicly available interact.sh servers (oast.me etc) achieve long-term cert validity. Maybe there's an easier way to do this without changing the code.
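As an added illustration of option 2 (and of the "lifetime is known, so renewal can be automated" point in option 1), here is a small Go hot-reloader of the kind a server could wire into its `tls.Config`. It is example code written for this discussion, not part of interactsh or its ACME handling; the type and function names (`CertReloader`, `MaybeReload`, `NeedsRenewal`, `WriteSelfSigned`) are invented here, and the self-signed certificate it writes is a constructed stand-in for whatever an ACME client would place on disk.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"path/filepath"
	"sync"
	"time"
)

// CertReloader serves the current key pair to handshakes and swaps it when the PEM files change.
type CertReloader struct {
	certPath, keyPath string
	mu                sync.RWMutex
	cert              *tls.Certificate
	hash              [32]byte // SHA-256 of the cert PEM last loaded; touched only by MaybeReload
}

// MaybeReload (run from one goroutine, e.g. a ticker) re-reads the files and swaps the pair
// only when the cert bytes changed; hashing content instead of checking mtime means two writes
// inside one timestamp tick are not missed. A failed load keeps the last good pair serving.
func (r *CertReloader) MaybeReload() (bool, error) {
	certPEM, err := os.ReadFile(r.certPath)
	if err != nil {
		return false, err
	}
	sum := sha256.Sum256(certPEM)
	if sum == r.hash {
		return false, nil
	}
	keyPEM, err := os.ReadFile(r.keyPath)
	if err != nil {
		return false, err
	}
	pair, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return false, err
	}
	pair.Leaf, _ = x509.ParseCertificate(pair.Certificate[0]) // X509KeyPair already parsed it, so no error
	r.mu.Lock()
	r.cert, r.hash = &pair, sum
	r.mu.Unlock()
	return true, nil
}

// GetCertificate is the hook for tls.Config{GetCertificate: r.GetCertificate}; called per handshake.
func (r *CertReloader) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) {
	r.mu.RLock()
	defer r.mu.RUnlock()
	return r.cert, nil
}

// NeedsRenewal follows the Let's Encrypt guidance the issue cites: renew at two thirds of lifetime.
func NeedsRenewal(leaf *x509.Certificate, now time.Time) bool {
	return !now.Before(leaf.NotBefore.Add(leaf.NotAfter.Sub(leaf.NotBefore) * 2 / 3))
}

// WriteSelfSigned writes a throwaway self-signed ECDSA pair into dir; it stands in for the
// ACME client's output so the example runs offline (constructed test data, not a real cert).
func WriteSelfSigned(dir, cn string, notBefore, notAfter time.Time) (certPath, keyPath string, err error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // only fails if crypto/rand does
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", "", err
	}
	keyDER, _ := x509.MarshalECPrivateKey(key)
	certPath, keyPath = filepath.Join(dir, "cert.pem"), filepath.Join(dir, "key.pem")
	if err = os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o644); err == nil {
		err = os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER}), 0o600)
	}
	return certPath, keyPath, err
}

func main() {
	dir, _ := os.MkdirTemp("", "certreload")
	defer os.RemoveAll(dir)
	certPath, keyPath, _ := WriteSelfSigned(dir, "first.example", time.Now(), time.Now().Add(90*24*time.Hour))
	r := &CertReloader{certPath: certPath, keyPath: keyPath}
	r.MaybeReload() // initial load; wire r.GetCertificate into the server's tls.Config
	WriteSelfSigned(dir, "renewed.example", time.Now(), time.Now().Add(90*24*time.Hour)) // simulated ACME renewal
	changed, _ := r.MaybeReload()
	c, _ := r.GetCertificate(nil)
	fmt.Println(changed, c.Leaf.Subject.CommonName) // true renewed.example
}
```

Because `crypto/tls` calls `GetCertificate` on every handshake, the swap is visible to the next client with no listener restart; a periodic `MaybeReload` (or an fsnotify trigger) is all the server needs for option 2. For option 1 the same loop can call `NeedsRenewal` on the served leaf and kick off a new ACME order at the two-thirds mark, writing the result to the same paths. Two details matter in practice: keep the old pair when the new files fail to parse (a half-written renewal should never take the service down), and make sure the ACME client replaces both files atomically (write to a temp name and rename) so the reloader never sees a cert that does not match the key.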

Metadata

Labels

Type: Enhancement