Tags: ssl, rust, actix-web, acme

Actix_web server to fetch its own tls certs


I am working on a webserver which will provide different endpoints using https. The server itself is running fine, but I want to add the auto-renewal of the tls certs using Let's Encrypt to the server, and I have no idea how to do this.

I've stumbled over some crates which provide such possibilities out of the box but I was not able to integrate them yet. Some of the following:

The most promising was rustls_acme but I really don't know how to combine this into the actix server together with actix_web::server::HttpServer::bind_rustls.

Currently I use locally stored key and cert for the rustls config exactly like in the example.

use actix_web::{middleware, web, App, HttpServer};

// init(), init_logger() and the handlers (time, echo, ship, not_found) are
// defined elsewhere in the project; i_cfg.rustls_cfg is a rustls::ServerConfig
// built from the locally stored cert and key (with_single_cert).
#[actix_web::main]
async fn main() -> std::io::Result<()> {
    let (i_cfg, app_data) = init().expect("Server initialization FAILED!");
    let _log = init_logger(&i_cfg).expect("Logger Initialisation Failed!");

    // Shared application state handed to every worker.
    let state = web::Data::new(app_data);

    HttpServer::new(move || {
        App::new()
            .wrap(middleware::Compress::default())
            .app_data(state.clone())
            .route("/api/time", web::get().to(time))
            .route("/api/echo", web::get().to(echo))
            .route("/api/ship", web::get().to(ship))
            .default_service(web::get().to(not_found))
    })
    // The rustls config (and therefore the cert) is fixed for the process lifetime.
    .bind_rustls(i_cfg.ip_port, i_cfg.rustls_cfg)?
    .workers(i_cfg.workers)
    .run()
    .await
}

How can I achieve auto-renewal of tls certs using Let's Encrypt with actix_web and rustls?

Is there a specific crate for actix which I just missed?

Bonus points if:

Thanks and Greets


Solution

  • There is an official example that integrates letsencrypt with actix-web (https://github.com/actix/examples/tree/master/https-tls/acme-letsencrypt). This does restart the server, however.

    use actix_web::rt;
    use std::time::Duration;

    // srv_handle is the ServerHandle obtained from srv.handle() before the
    // server future is awaited.
    let _auto_shutdown_task = rt::spawn(async move {
        // Shutdown server every 4 weeks so that TLS certs can be regenerated if
        // needed. This is only appropriate in contexts like Kubernetes which
        // can orchestrate restarts.
        rt::time::sleep(Duration::from_secs(60 * 60 * 24 * 28)).await;
        srv_handle.stop(true).await;
    });
    

    It should be possible to avoid that by

    1. Integrating the acme-challenge endpoint into the main server
    2. Running the fetch-workflow periodically
    3. Replacing config.with_single_cert(...) with config.with_cert_resolver(...) in load_rustls_config.
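The following is an added example, not code from the actix examples repository or from rustls-acme, showing the pattern behind steps 2 and 3: a hot-swappable certificate holder that the renewal task replaces in place while handshakes keep reading from it, plus the expiry check that decides when to renew. It uses only the standard library so it compiles stand-alone; `CertBundle` is an assumed stand-in for `rustls::sign::CertifiedKey`, `HotSwapCerts::current` is what the body of `ResolvesServerCert::resolve` would return, and the `fetch` closure passed to `renewal_tick` is an assumed placeholder for the ACME order/challenge workflow. The 30-day threshold is Let's Encrypt's recommended renewal window for its 90-day certificates.

```rust
use std::sync::{Arc, RwLock};
use std::time::{Duration, SystemTime, UNIX_EPOCH};

/// Stand-in for rustls::sign::CertifiedKey (assumed type for this example):
/// DER cert chain and key, plus the leaf's notAfter as a Unix timestamp so the
/// renewal loop can check remaining lifetime without re-parsing the cert.
#[derive(Debug)]
pub struct CertBundle {
    pub cert_chain_der: Vec<Vec<u8>>,
    pub key_der: Vec<u8>,
    pub not_after_unix: u64,
}

/// Shared, hot-swappable certificate holder. In a real server this struct
/// would implement rustls::server::ResolvesServerCert and be handed to
/// ServerConfig::builder() ... .with_cert_resolver(Arc::new(store)).
#[derive(Clone)]
pub struct HotSwapCerts {
    inner: Arc<RwLock<Arc<CertBundle>>>,
}

impl HotSwapCerts {
    pub fn new(initial: CertBundle) -> Self {
        HotSwapCerts { inner: Arc::new(RwLock::new(Arc::new(initial))) }
    }

    /// Called once per TLS handshake (the body of ResolvesServerCert::resolve).
    /// The read lock is held only long enough to clone the Arc, so a swap in
    /// progress never blocks handshakes for longer than a pointer copy.
    pub fn current(&self) -> Arc<CertBundle> {
        self.inner.read().expect("cert lock poisoned").clone()
    }

    /// Called by the renewal task after a successful ACME order. In-flight
    /// handshakes finish with the bundle they already cloned; new ones see
    /// the fresh one. No restart needed.
    pub fn replace(&self, fresh: CertBundle) {
        *self.inner.write().expect("cert lock poisoned") = Arc::new(fresh);
    }
}

/// Let's Encrypt recommends renewing when fewer than 30 days remain.
pub const RENEW_BEFORE: Duration = Duration::from_secs(30 * 24 * 60 * 60);

/// True when less than `threshold` of validity remains (or the cert has expired).
pub fn needs_renewal(not_after_unix: u64, now_unix: u64, threshold: Duration) -> bool {
    not_after_unix.saturating_sub(now_unix) < threshold.as_secs()
}

/// One tick of the periodic renewal task (step 2 of the answer). `fetch` is an
/// assumed placeholder for the ACME order + challenge workflow. A failed fetch
/// keeps the current cert in service rather than taking the server down;
/// returns true only when the cert was actually replaced.
pub fn renewal_tick<F>(store: &HotSwapCerts, now_unix: u64, fetch: F) -> bool
where
    F: FnOnce() -> Result<CertBundle, String>,
{
    let cur = store.current();
    if !needs_renewal(cur.not_after_unix, now_unix, RENEW_BEFORE) {
        return false;
    }
    match fetch() {
        Ok(fresh) => {
            store.replace(fresh);
            true
        }
        Err(e) => {
            eprintln!("renewal failed, keeping current cert: {}", e);
            false
        }
    }
}

fn main() {
    let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs();
    // Constructed sample bundle expiring in 20 days: inside the renewal window.
    let store = HotSwapCerts::new(CertBundle {
        cert_chain_der: vec![vec![0x30]],
        key_der: vec![0x00],
        not_after_unix: now + 20 * 24 * 60 * 60,
    });
    let swapped = renewal_tick(&store, now, || {
        Ok(CertBundle {
            cert_chain_der: vec![vec![0x31]],
            key_der: vec![0x01],
            not_after_unix: now + 90 * 24 * 60 * 60,
        })
    });
    println!("swapped={} not_after={}", swapped, store.current().not_after_unix);
}
```

In the actix server the renewal task would be an `rt::spawn` loop that sleeps (daily is plenty) and calls `renewal_tick`, while the HTTP-01 challenge route from step 1 must be reachable on port 80 at `/.well-known/acme-challenge/<token>`; the private key never leaves process memory and is replaced atomically, which is the property that makes a restart unnecessary.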