AutoTLS and Gin (gin-gonic) cannot read SSL certificate

php editor Xiaoxin discovered that when using AutoTLS and Gin (gin-gonic) to build a web application, you may encounter a problem: the SSL certificate cannot be read. This issue may prevent applications from properly using the HTTPS protocol for secure communication. Although both AutoTLS and Gin are very popular tools, there are some limitations when it comes to handling SSL certificates. In this article, we’ll delve into this issue and provide some solutions to help developers overcome this dilemma.

Question content

I am trying to use gin (gin-gonic) to create a microservice environment with simple code:

package main

import (
    "example.com/MSHandler/ms1"

    "log"

    "github.com/gin-gonic/autotls"
    "github.com/gin-gonic/gin"
)



func main() {
    // Create GIN
    router := gin.Default()

    // Call MS

    // Call MS1
    router.GET("/ms1", ms1.CallMS1)

    // Run GIN
    // router.Run(":443")

    // Run with Let's Encrypt
    log.Fatal(autotls.Run(router, "exampleMS.org"))
}

Every time I try to access the website, it gets marked as unsafe. My ssl certificates were generated using openssl and they (.key and .pem) are both located in the ~/.ssl folder (I'm using ubuntu). Do my certificates need to be in the same folder as my application?

I've read some articles online and here, but nothing directly points to autotls.

Solution

Packagegithub.com/gin-gonic/autotls Use below golang.org/x/crypto/acme/autocert . So if you want to read the documentation, go to https://pkg .go.dev/golang.org/x/crypto/acme/autocert. How Let's Encrypt works is a must-read document.

Comments:

1. autocert Apply the certificate from https://www.php.cn/link/1c9884d82761f8718077f56cee0c1da4 so you don’t need to provide it yourself to use openssl Generated certificate. If you want to use a self-signed certificate, autocert (and autotls) are not needed. And by default, clients do not trust self-signed certificates.

2. autocert A new ECDSA P-256 key will be created for you. If you want to use your own private key, set the key autocert.Manager. using

3. Since you need to apply for a certificate from https://www.php.cn/link/1c9884d82761f8718077f56cee0c1da4, the public network should be available for your application.

4. Let's Encrypt will verify that you are the domain owner by sending an HTTP request to your website. Make sure your website is accessible on the domain (from your demo, it's exampleMS.org). And this request is sent to HTTP port 80. So you should make sure this port is not blocked as well. More precisely:

   Let’s Encrypt CA will look at the requested domain name and issue one or more sets of challenges. These are different ways for a proxy to prove control of a domain. For example, the CA might give the agent a choice:

   • Configure DNS records under example.com, or
   • Configuring HTTP resources under well-known URIs

5. autotls provides several demos, if you don't know.

The above is the detailed content of AutoTLS and Gin (gin-gonic) cannot read SSL certificate. For more information, please follow other related articles on the PHP Chinese website!