
I am working on a web server which will provide different endpoints using HTTPS. The server itself is running fine, but I want to add auto-renewal of the TLS certs using Let's Encrypt to the server, which I have no idea how to do.

I've stumbled over some crates which provide such possibilities out of the box, but I was not able to integrate them yet. Some of them are the following:

  • acme_micro uses OpenSSL, which is bad because of cross-compiling
  • rustls_acme, where I don't know how to combine this with the server (see below)
  • tide_acme, which is built for tide and not actix

The most promising was rustls_acme, but I really don't know how to combine this into the actix server together with actix_web::server::HttpServer::bind_rustls.

Currently I use locally stored key and cert for the rustls config exactly like in the example.

use actix_web::{middleware, web, App, HttpServer};

// init, init_logger and the handlers (time, echo, ship, not_found)
// are defined elsewhere in the project.
#[actix_web::main]
async fn main() -> std::io::Result<()> {
    let (i_cfg, app_data) = init().expect("Server initialization FAILED!");
    let _log = init_logger(&i_cfg).expect("Logger Initialisation Failed!");

    // Shared application state handed to every worker.
    let state = web::Data::new(app_data);

    HttpServer::new(move || {
        App::new()
            .wrap(middleware::Compress::default())
            .app_data(state.clone())
            .route("/api/time", web::get().to(time))
            .route("/api/echo", web::get().to(echo))
            .route("/api/ship", web::get().to(ship))
            .default_service(web::get().to(not_found))
    })
    // rustls_cfg is built from the locally stored key and cert.
    .bind_rustls(i_cfg.ip_port, i_cfg.rustls_cfg)?
    .workers(i_cfg.workers)
    .run()
    .await
}

How can I achieve auto-renewal of TLS certs using Let's Encrypt with actix_web and rustls?

Is there a specific crate for actix which I just missed?

Bonus points if:

  • No server downtime needed
  • Multiple domains possible
  • Directly via port 443 (TLS-ALPN-01)

Thanks and Greets

Mindxxxd

0 Answers