Would it be feasible to reload certificates during runtime?

[shepmaster]

From what I've seen, the certificate file is loaded a single time at construction. Let's Encrypt certificates expire every 90 days. I tend to not restart my server that frequently, which means that the certificate will be the forcing function to restart.

Do you think that this is a desirable feature to reside in this library? If so, I'd be happy to take a first crack at it, so any guidance would be appreciated.

[sfackler]

See sfackler/rust-native-tls#27 - I would prefer a more traditional setup as well, but it's a question of figuring out how to make that happen for macOS and Windows.

[shepmaster]

I might have confused you with my similarly-titled simultaneous issues; I think you wanted that in #3 ?

[sfackler]

Derp, yes!

For this issue in particular, I believe this would best be done in a separate crate that implements an SslServer which allows an inner SslServer to be swapped out via some handle at runtime. You can then have some code that periodically looks for a new certificate/key, builds an SslServer out of them and installs it.

[shepmaster]

Yep, I figured that would be the suggestion, just figured I'd ask before going off and making it elsewhere.