Hi,
I made this simple weekend project for not having to integrate with things like certbot or acmev2.sh (which btw the project is heavily inspired by).
Besides the crude acmev2 ciphering exchange boilerplate, the library also automatically renews the certificate before the expiration and notifies the application to give it the opportunity to restart anything based on the just renewed certificate.
In short, integrating this library makes an application run on valid certificates indefinitely.
I suppose it would be cool to add letsencrypt and friends … anyhow, link:
The HTTP port to serve the well-known token is hardcoded to port 80, so you need permissions to open port 80 on your device:
echo "net.ipv4.ip_unprivileged_port_start=80" | sudo tee /etc/sysctl.d/port80.conf
If it gets good feedback, I can add a config to use a different port so that users can NAT requests to a less contended, non-privileged port like 8080, etc.
Cheers & happy new year