Greenlock allows one to utilize Let’s Encrypt to generate valid certificates for usage on the general internet. This is a great addition to a boundary reverse proxy as I will no longer be pestered by the issues surrounding certificate provisioning and usage.

I wonder if you can do certificate rotation with a Node.js SSL/TLS socket. Looking at the tls.Server class, it does not look like it. I guess the best way to handle certificate rotation is to close the server socket and immediately open a new one.

Anyway…on to the design aspect. I feel like the core code should not directly depend on the Greenlock API but depend on a Certificate Store which each ingress point could consume. The ingress point could then optionally provision the certificate if desired.
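A sketch of the certificate store described above, added here as an example rather than taken from Irrigation or Greenlock. `CertificateStore` and its method names are hypothetical, and it assumes the ingress point hands the store's callback to the `SNICallback` option of Node's `tls.createServer()`, so the certificate is looked up at each handshake.

```javascript
// Added example: a certificate store shared by core code and ingress points.
// CertificateStore and its methods are hypothetical names, not Irrigation's API.
class CertificateStore {
  // createContext is injectable so the store can be exercised without real PEM
  // data; the default builds a real context with tls.createSecureContext().
  constructor(createContext = (pem) => require('node:tls').createSecureContext(pem)) {
    this.createContext = createContext;
    this.entries = new Map(); // hostname -> { context, notAfter }
  }

  // Called by whatever provisions certificates (Greenlock, a file watcher, ...).
  // Replacing an entry is the rotation: later handshakes get the new context
  // while the listening socket and established connections stay untouched.
  put(hostname, { key, cert, notAfter }) {
    const context = this.createContext({ key, cert });
    this.entries.set(hostname.toLowerCase(), { context, notAfter });
  }

  // Hostnames whose certificate expires within windowMs of `now` (both in
  // milliseconds), so an ingress point can decide whether to provision.
  expiringWithin(windowMs, now = Date.now()) {
    return [...this.entries]
      .filter(([, entry]) => entry.notAfter - now <= windowMs)
      .map(([hostname]) => hostname);
  }

  // Function in the shape the SNICallback option expects.
  // Unknown names fail the handshake instead of falling back to another cert.
  sniCallback() {
    return (servername, cb) => {
      const entry = this.entries.get(String(servername).toLowerCase());
      if (!entry) return cb(new Error(`no certificate for ${servername}`));
      cb(null, entry.context);
    };
  }
}

// Ingress wiring (not executed here):
//   tls.createServer({ SNICallback: store.sniCallback() }, onConnection).listen(443);
```

`SNICallback` only runs for clients that send a server name; Node's `tls.Server` also has `setSecureContext()`, which replaces the default context on a listening server.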

Since the plugin system for Irrigation is not really implemented, I’m just going to have the core construction code check whether the module is importable. If it is, it will be added to the set of plugins.