autocert | kubernetes add-on that automatically injects TLS | TLS library

The full error message is:

403 urn:acme:error:unauthorized: Account creation on ACMEv1 is disabled. Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555. See https://community.letsencrypt.org/t/end-of-life-plan-for-acmev1/88430 for details

And I've googled this and reviewed that link, but I'm just using:

golang.org/x/crypto/acme/autocert

package in a very normal way:

Regarding Letsencrypt and go autocert - I am asking here as I see autocert being a go package( Please direct or correct me.)

Will golang.org/x/crypto/acme/autocert renew certificate automatically, or should you:

1. make a timer,
2. check date
3. Renew(before expire

I tried running this example code from the autocert documentation, changing it to use my domain:

I'm local on Mac OS 10.14.6 using Angular 8, Symfony 4.3 and mercure 0.72 darwin. I'm quite new to symfony. I wanted to dispatch updates only to authorized clients on my local machine. So far it really is a big pain. I hope I can find some help or answers here.

Last error I get is

http: TLS handshake error from ip:55289: acme/autocert: unable to authorize "mydyndns-url.com"; challenge "http-01" failed with error: acme: authorization error for mydyndns-url.com: 400 urn:acme:error:connection: Fetching http://mydyndns-url.com/.well-known/acme-challenge/SomeHash: Error getting validation data; challenge "tls-alpn-01" failed with error: acme: authorization error for mydyndns-url.com: 400 urn:acme:error:connection: Connection refused

plus

I have a flutter app (dart based) and a GoLang server, using GRPC.

I wanted to secure it, so I tried setting up Ngninx with certbot(I'm new at this), but the bot requires a challenge where it connects to the Web service (for the Domain) for an http response, which my service doesn't give. It is possible to run both GRPC and HTTP server on the same port, but I couldn't understand how to setup Nginx for that.

Then I tried setting up TLS for my service itself using autocert but doing that with acme requires the same web service response and without that I have to give manual certificates and skip insecure verify which isn't available in dart for now (only two options available secure and insecure). And testing autocert on local doesn't help either as it doesn't even create local certs (at least for me).

I also read about a DNS challenge which requires a DNS TXT record, but I'm not sure if it'll ask me to put up a new TXT record on every renewal.

Anyway, I'm mostly confused as to how to move forwards with this. I connect with GRPC to actual mobile apps and haven't found many tutorials or questions regarding this anywhere. My GoLang server also interacts with other internal micro-services, so making it TLS supported would also mean redeploying all other services with secure flag enabled.

Any help regarding what I should do to secure my GRPC connection to apps, would be amazing!

Relevant docs:

• https://www.nginx.com/blog/nginx-1-13-10-grpc/
• https://godoc.org/golang.org/x/crypto/acme/autocert
• https://serverfault.com/questions/750902/how-to-use-lets-encrypt-dns-challenge-validation
• https://d3void.net/post/acme/

Apologies if this is a stupid question, but I've been stuck on this for a week.

Is it possible to fit a m.GetCertificate into a GRPC client / server?

I am writing a program in go which makes an HTTP request to different server and reads the response. The program works absolutely fine on Windows/Mac but when I run the program on ARM based Rasp Pi 3 with Rasbian OS, it fails.

Every-time I try to build the code it throws this error, could any suggest what I am doing wrong here?

I have two separate servers using the same domain name with separate prefixes, one doing some app stuff and one doing filesharing. Using the autocert package how can I just configure the cert manager to produce a certificate that I can use on both servers?

I'm building currently a service that uses acme/autocert. To use that service with more than 1 replicas, I had to write a persistent cache interface like DirCache. Then I noticed, that after restarting the service all valid certs in the Cache got ignored on the startup. The following sequence happens all the time:

• Cache put acme_account+key (even if it exists in the cache)
• Cache get acme_account+key
• Cache get my.domain.net (it returns the cached cert)
• Cache get acme_account+key
• Cache put my.domain.net+token
• Cache put HASH+http-01
• Cache delete HASH+http-01
• Cache delete my.domain.net+token
• Cache put my.domain.net (put the new cert)

Is this the correct behavior? Because every replica would create its own cert and a persistent Cache is not possible with this circumstances

Here is my manager factory