go go-gin

How to manage certfile renew in golang with gin?


I have a mini gin microservice that needs HTTPS. But sometimes my certfile is renewed with certbot, I don't know when, and my gin microservice is still using the old cert.

func Run() {
    fmt.Println("begin")
    r := gin.Default()
    r.Use(cors.Default())
    r.POST("getLieu/", getAdr)
    r.GET("lucky/", Lucky)

    r.RunTLS(":8083", "/etc/letsencrypt/live/toto.fr/fullchain.pem", "/etc/letsencrypt/live/toto.fr/privkey.pem") // listen and serve HTTPS on 0.0.0.0:8083
}

How can I tell my gin program to check whether the cert has changed or not?


Solution

  • You restart it periodically.

    Analogous example, nginx sits in front of your gin program:

    • Certs are valid for 3 months
    • Every month a certbot renew cronjob or systemd timer is run
    • Every week nginx is restarted

    The same happens with your gin program. You restart the gin program (/service) every week.

    Extra points: graceful shutdown