Enable cache for ACME certificates in broker
The websocket server caches its automatic certificates: https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/server/server.go?id=d865b7c252d3a7efd789a84757fc2635b1964921#n309 But the broker does not: https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/broker/broker.go?id=d865b7c252d3a7efd789a84757fc2635b1964921#n265
In #30509 (moved) the broker exceeded the Let's Encrypt rate limits and couldn't get a new certificate. Implementing a certificate cache will prevent it from happening again.
Once implemented, remember to undo the temporary --cert
and --key
configuration that was set up in comment:6:ticket:30509. That certificate is good for 1 year.