Story #13446
Updated by Tom Clegg over 6 years ago
Background: Clients (including keepproxy) already have TLS support -- otherwise, they wouldn't be able to connect to keepproxy in a typical setup. However, keepstore itself does not have built-in support for TLS, and setting up Nginx alongside each keepstore is a burden. Load certificate and key from configured location (e.g., /var/lib/acme/live/...) at startup * If cert+key cannot be loaded, error out Reload cert+key if -they they change on disk- SIGHUP is received disk (acmetool or something similar will be refreshing certs) * If cert+key cannot be loaded, log a warning and continue using old cert+key https://blog.gopheracademy.com/advent-2016/exposing-go-on-the-internet/