Golang x/crypto/acme/autocert: Hooks for "CertAcquired", "CertRenewed"

My use-case for ACME / LetsEncrypt is to setup a TLS Listener that isn't a HTTP/HTTPS endpoint. e.g: IRC, or something else.

The code in x/crypto/acme/autocert doesn't make it very obvious how one can identify whether a cert was successfully acquired or renewed. The only solution I've come up with in poking at this is to "watch" for changes to the file system with a file-system implementation of the Cache interface.

Is this something we can add or is there a more recommended way to handle this?

Comment From: odeke-em

/cc @x1ddos @bradfitz

Comment From: x1ddos

Somehow this feels closely related to #19800: hooks/logs for some event such as renew or a failure.

Comment From: prologic

I did notice the title of that issue when filing this but at first glance wasn't quite what I was describing here. The way I see this working now is:

#!go mux := http.NewServeMux() mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "Hello, TLS user! Your config: %+v", r.TLS) }) log.Fatal(http.Serve(autocert.NewListener("example.com"), mux))

But if this isn't even the server you're trying to setup a TLS Listener for then you need a way to figure out when the challenge/response completed successfully so you can "borrow" that cert to use in your real TLS listener.

Comment From: x1ddos

Then maybe just using golang.org/x/crypto/acme could be simpler in your case? Autocert was designed specifically to aid TLS listeners.

Comment From: seankhliao

Closing as out of scope.