Thanks Sean Liao, Kurtis Rader, Marko Ristin-Kaufman, and cg-guy. Apologies for not responding sooner.
I looked at the code for Caddy and revproxyry. Neat stuff for sure and I'd seriously consider them for a more elaborate project. Thinking through my needs I concluded that it's probably better not to embed the process of obtaining and renewing certificates in the infinite-etudes code. That way if someone chooses to run their own instance, they can do whatever makes the most sense within on their choice of host platform. So I ended up biting the bullet and learning how to use systemd. The unit file I ended up with is below. It sets Restart=always to ensure that the program reloads no matter what and uses ExecStartPre to attempt to renew the certificate before starting the server. Seems reliable across reboots and killing the infinite-etudes process. I won't know for sure until the cert actually expires in month or so but the logs show that certbot is being invoked whenever the service reloads. It detects that the certs are unexpired and returns success on exit. [Unit] Description=Infinite Etudes server After=network.target [Service] Type=simple User=mellis WorkingDirectory=/home/mellis/ietudes # Always attempt to renew the certificate before (re)starting infinite-etudes ExecStartPre=+/usr/bin/certbot renew # infinite-etudes needs two environment variables that give full paths to the certificate # fullchain and key files. Environment="IETUDE_CERT_PATH=/etc/letsencrypt/live/etudes.ellisandgrant.com/fullchain.pem" Environment="IETUDE_CERTKEY_PATH=/etc/letsencrypt/live/etudes.ellisandgrant.com/privkey.pem" # run infinite-etudes as an https server ExecStart=/home/mellis/go/bin/infinite-etudes -s -p :443 # Ensure that the process is always restarted on failure or if terminated by a signal # A 5 second restart delay is used to reduce the possibility of thrashing if # something is badly wrong. Restart=always RestartSec=5 [Install] WantedBy=multi-user.target Thanks, again, for the help. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/bca87840-abed-4af2-84d6-8169078f6ae0%40googlegroups.com.