lib/httpserver: add support for automatic issuing of TLS certificates via Lets Encrypt service

Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/5949
2026-05-17 08:36:55 +03:00 · 2024-04-17 23:38:16 +02:00
parent b421f1ab80
commit 50ac22df78
14 changed files with 233 additions and 41 deletions
--- a/lib/httpserver/httpserver.go
+++ b/lib/httpserver/httpserver.go
@@ -34,9 +34,10 @@ var (
 	tlsEnable = flagutil.NewArrayBool("tls", "Whether to enable TLS for incoming HTTP requests at the given -httpListenAddr (aka https). -tlsCertFile and -tlsKeyFile must be set if -tls is set. "+
 		"See also -mtls")
 	tlsCertFile = flagutil.NewArrayString("tlsCertFile", "Path to file with TLS certificate for the corresponding -httpListenAddr if -tls is set. "+
-		"Prefer ECDSA certs instead of RSA certs as RSA certs are slower. The provided certificate file is automatically re-read every second, so it can be dynamically updated")
+		"Prefer ECDSA certs instead of RSA certs as RSA certs are slower. The provided certificate file is automatically re-read every second, so it can be dynamically updated. "+
+		"See also -tlsAutocertHosts")
 	tlsKeyFile = flagutil.NewArrayString("tlsKeyFile", "Path to file with TLS key for the corresponding -httpListenAddr if -tls is set. "+
-		"The provided key file is automatically re-read every second, so it can be dynamically updated")
+		"The provided key file is automatically re-read every second, so it can be dynamically updated. See also -tlsAutocertHosts")
 	tlsCipherSuites = flagutil.NewArrayString("tlsCipherSuites", "Optional list of TLS cipher suites for incoming requests over HTTPS if -tls is set. See the list of supported cipher suites at https://pkg.go.dev/crypto/tls#pkg-constants")
 	tlsMinVersion   = flagutil.NewArrayString("tlsMinVersion", "Optional minimum TLS version to use for the corresponding -httpListenAddr if -tls is set. "+
 		"Supported values: TLS10, TLS11, TLS12, TLS13")