
Whether can dynamically set the certificate? #1506

Closed
basicfu opened this issue May 6, 2020 · 10 comments

Comments

@basicfu

basicfu commented May 6, 2020

I have looked at the AutoTLS function, but that automatically obtains a certificate from letsencrypt. Can I dynamically provide certificates for these domain names at runtime?
example:

app.TLS("a.example.com", certFile, keyFile)
app.TLS("b.test.com", certFile, keyFile)

If not, I can only do this through dynamic certificate allocation in nginx lua.

@kataras
Owner

kataras commented May 6, 2020

Hello @basicfu,

Please take a look at: #1486 and 481#issuecomment-605621255

@basicfu
Author

basicfu commented May 6, 2020

@kataras That is configured before running; I hope it can be configured while running.

@kataras
Owner

kataras commented May 6, 2020

Oh I see, this is covered in his answer. The tls.Config has the GetCertificate field.

app.Run(iris.TLS(":443", "", "", func(su *iris.Supervisor) {
	su.Server.TLSConfig = &tls.Config{
		MinVersion: tls.VersionTLS10,
		GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
			/* ur implementation here */
			// look up the certificate for hello.ServerName and return it
			return nil, nil
		},
	}
}))

@basicfu
Author

basicfu commented May 6, 2020

You may have misunderstood. In my scenario I subscribe to the domain-name certificates from Redis; after the service has started, an asynchronous thread updates the certificate information.
example:

package main

import "github.com/kataras/iris/v12"

func main() {
	app := iris.New()
	go func() {
		// subscribe to the domain-name certificates from Redis
		// (app.TLS(host, certFile, keyFile) is the API being asked for; Iris has no such method)
		app.TLS("a.example.com", certFile, keyFile)
	}()
	_ = app.Run(iris.Addr(":443"))
}

@kataras
Owner

kataras commented May 6, 2020

OK @basicfu, I don't get it: why can't GetCertificate help you? Let's see some code. Do you have a working snippet that you can show me so I can implement a feature around it, or how do you do that with net/http if not with GetCertificate?

EDIT: I am going to rest for a bit because I am asleep, take your time to answer.

@basicfu
Author

basicfu commented May 6, 2020

I'm sorry, the following code works for me:

package main

import (
	"crypto/tls"

	"github.com/kataras/iris/v12"
	"github.com/kataras/iris/v12/context"
)

// loadCertificate reads the current certificate; the file names are placeholders.
func loadCertificate() (tls.Certificate, error) {
	return tls.LoadX509KeyPair("server.crt", "server.key")
}

func main() {
	app := iris.New()
	app.Get("/", func(ctx context.Context) {
		_, _ = ctx.WriteString("hello")
	})
	_ = app.Run(iris.TLS(":443", "", "", func(su *iris.Supervisor) {
		su.Server.TLSConfig = &tls.Config{
			MinVersion: tls.VersionTLS10,
			// called on every new handshake, so the certificate is reloaded each time
			GetCertificate: func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
				println("The TLS handshake", info.ServerName)
				certificate, err := loadCertificate()
				if err != nil {
					return nil, err // do not serve an empty certificate on failure
				}
				return &certificate, nil
			},
		}
	}))
}

But it only gets the certificate on a new SSL handshake.
Similar to ssl_certificate_by_lua_block.

If a user has established an SSL connection to a domain name and it is not closed, and I update the SSL certificate on the server side, the connection still uses the old certificate. I hope I can refresh the certificate in real time. I don't know if it can be done through Iris.

My English is translated. Sorry
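An added example (not code from Iris, from kataras or from basicfu) of the runtime-update pattern discussed in the comments above: a concurrency-safe certificate store that a background goroutine fills in while the server is already listening, wired into tls.Config.GetCertificate so each new handshake selects the certificate for its SNI name. It uses net/http directly, which kataras notes Iris is compatible with; the same tls.Config can be assigned to su.Server.TLSConfig. The names CertStore and selfSigned are this example's own, the goroutine stands in for the Redis subscription, and the self-signed certificates are constructed in memory so it runs offline. It also shows the boundary basicfu ran into: a connection that already completed its handshake keeps the certificate it negotiated, and a resumed session does not necessarily go through GetCertificate either; only fresh handshakes pick up a replacement.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"log"
	"math/big"
	"net/http"
	"strings"
	"sync"
	"time"
)

// CertStore keeps one certificate per host name; handshakes read it while a
// background goroutine installs replacements, so access is guarded by a RWMutex.
type CertStore struct {
	mu    sync.RWMutex
	certs map[string]*tls.Certificate
}

func NewCertStore() *CertStore { return &CertStore{certs: map[string]*tls.Certificate{}} }

// Set installs or replaces the certificate for host (exact name or "*.domain").
// Only handshakes that start after this call see it; open connections keep theirs.
func (s *CertStore) Set(host string, cert *tls.Certificate) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.certs[strings.ToLower(host)] = cert
}

// GetCertificate matches the tls.Config.GetCertificate signature: pick by SNI,
// fall back to a wildcard for the parent domain, otherwise fail the handshake
// instead of serving a wrong certificate.
func (s *CertStore) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := strings.ToLower(strings.TrimSuffix(hello.ServerName, "."))
	s.mu.RLock()
	defer s.mu.RUnlock()
	if c, ok := s.certs[name]; ok {
		return c, nil
	}
	if i := strings.IndexByte(name, '.'); i > 0 {
		if c, ok := s.certs["*"+name[i:]]; ok {
			return c, nil
		}
	}
	return nil, errors.New("no certificate installed for " + name)
}

// selfSigned mints a throwaway ECDSA certificate for host (constructed test data);
// in production the certificate would arrive from Redis or from files.
func selfSigned(host string) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

func main() {
	store := NewCertStore()
	// Nothing is configured up front: certificates are installed while serving,
	// here by a goroutine that stands in for a Redis subscription.
	go func() {
		for _, host := range []string{"a.example.com", "*.test.com"} {
			cert, err := selfSigned(host)
			if err != nil {
				log.Fatal(err)
			}
			store.Set(host, cert)
		}
	}()
	srv := &http.Server{
		Addr:      ":443",
		Handler:   http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { _, _ = w.Write([]byte("hello")) }),
		TLSConfig: &tls.Config{MinVersion: tls.VersionTLS12, GetCertificate: store.GetCertificate},
	}
	// Empty file names are fine: with GetCertificate set, ListenAndServeTLS loads nothing itself.
	log.Fatal(srv.ListenAndServeTLS("", ""))
}
```

Returning an error from GetCertificate aborts that handshake, which is the safer choice when a name has no certificate yet (for example before the first subscription message arrives); returning nil, nil instead would make crypto/tls fall back to the static Certificates list.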

@kataras
Owner

kataras commented May 6, 2020

Again, post the code you used before Iris. Iris is fully compatible with net/http. If it can't be done with Iris, it can't be done in general.

@basicfu
Author

basicfu commented May 7, 2020

Thank you for

@basicfu basicfu closed this as completed May 7, 2020
@kataras
Owner

kataras commented May 7, 2020

Hello @basicfu, you are welcome, but you didn't post any code that would let me help you; no problem. Could you please post your solution so other developers can learn from it?

@basicfu
Author

basicfu commented May 7, 2020

@kataras I found a document on Aliyun:
https://yq.aliyun.com/articles/230330

dycert.lua is the dynamic certificate module implemented by Alibaba Cloud (Aliyun) CDN. It is called during a full SSL handshake but not during a handshake that resumes a session, because session resumption needs neither the certificate nor the private key; this is the official behaviour of the OpenSSL callback interface. In the Alibaba Cloud CDN implementation, however, many other dynamic HTTPS settings need to be configured in the dycert module, so we modified OpenSSL to call the dycert module on session resumption as well, which makes it convenient to implement many dynamic HTTPS settings (for example: the HTTP/2 switch, client authentication, TLS record size configuration).
meaning:
This module is called during a full SSL handshake and is not called during a session-resumption handshake. This is because no certificate or private key is needed during session resumption, which is the official implementation of the OpenSSL callback interface.
So Aliyun modified OpenSSL to call the ssl_certificate_by_lua_block module when a session is resumed.
That is equivalent to triggering GetCertificate on every request.
But my ability is limited; I don't know how to modify it. I will keep looking for alternative solutions to achieve it.
