x/crypto/acme/autocert: Hooks for "CertAcquired", "CertRenewed"

[prologic]

My use-case for ACME / LetsEncrypt is to setup a TLS Listener that isn't a HTTP/HTTPS endpoint. e.g: IRC, or something else.

The code in x/crypto/acme/autocert doesn't make it very obvious how one can identify whether a cert was successfully acquired or renewed. The only solution I've come up with in poking at this is to "watch" for changes to the file system with a file-system implementation of the Cache interface.

Is this something we can add or is there a more recommended way to handle this?

[odeke-em]

/cc @x1ddos @bradfitz

[x1ddos]

Somehow this feels closely related to #19800: hooks/logs for some event such as renew or a failure.

[prologic]

I did notice the title of that issue when filing this but at first glance wasn't quite what I was describing here. The way I see this working now is:

mux := http.NewServeMux()
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
    fmt.Fprintf(w, "Hello, TLS user! Your config: %+v", r.TLS)
})
log.Fatal(http.Serve(autocert.NewListener("example.com"), mux))

But if this isn't even the server you're trying to setup a TLS Listener for then you need a way to figure out when the challenge/response completed successfully so you can "borrow" that cert to use in your real TLS listener.

[x1ddos]

Then maybe just using golang.org/x/crypto/acme could be simpler in your case? Autocert was designed specifically to aid TLS listeners.