uWSGI could support Let's Encrypt to generate certs either at startup or on the fly, in a similar way as caddy does (https://caddyserver.com/docs/automatic-https).
This would allow us not to have to put caddy or nginx in front of uwsgi just for this feature. 馃憤
Just out of curiosity - what is wrong with exec hooks?
It is possible to specify something like "exec-post-app = /lets/encrypt/request-or-renew-script", and signal uwsgi to restart if there was a new cert installed.
@aldem it could be a workable workaround. Out of the top of my head I could say:
1) One would have to maintain such a script (would be much nicer to just have a flag and trust uwsgi to do the right thing)
2) Let's encrypt certs have a short lifetime (90 days) and rely on automatic renewal. I would not like to have to routinely restart (and remember to do so) my apps to get the new cert.
One have to maintain such uwsgi code too ;)
But the multiplicator factor is much higher :-P
But I guess it could be a mounted app by itself instead of an exec hook (that way we would also have access to timers and the uwsgi python api).. I'll try to find the time to look into it!
I simply run letsencrypt script from cronjob once in a while, and if certificates are updated it gracefully restarts all involved instances.
On the other hand... For a loaded site, something like nginx in front + caching provides much better performance comparing to "raw" uwsgi (especially when SSL/TLS is involved) - so it is better not to abuse uwsgi anyway... imho :)
how to run uwsgi with go-caddy, make they work together?