How to set up Let's Encrypt for a Go server application

Question

I have my own domain with web services written in Go. I am using the inbuilt Go web server, without Nginx or Apache in front.

I would like to start serving over HTTPS an

Answer 1

I found a very simple solution, using the standalone mode.


INSTALL THE CERTBOT CLIENT (recommended by Let's Encrypt)

(go to the directory where you want to install the certbot client)
git clone https://github.com/certbot/certbot
cd certbot
./certbot-auto --help`

ISSUE CERTIFICATE (FIRST TIME)

N.B. this operation happens through the port 80, so in case your Go app listens on port 80, it needs to be switched off before running this command (which is very quick to run, by the way)

./certbot-auto certonly --standalone-supported-challenges http-01 -d www.yourdomain.com

ADD SSL LISTENER IN YOUR GO CODE

http.ListenAndServeTLS(":443", "/etc/letsencrypt/live/www.yourdomain.com/fullchain.pem", "/etc/letsencrypt/live/www.yourdomain.com/privkey.pem", nil)

Done!

TO RENEW CERTIFICATE (certificates expire after 90 days)

N.B. You can either run this manually (you will receive an email several days before the certificate expires), or set up a crontab

if your Go app doesn't listen to port 80 anymore, your Go app can keep running while you execute this command:
./certbot-auto renew --standalone

if your Go app still listens to port 80, you can specify the commands to stop and restart the Go app:
./certbot-auto renew --standalone --pre-hook "command to stop Go app" --post-hook "command to start Go app"

for the complete documentation of the Certbot commands: https://certbot.eff.org/docs/using.html