memorysafety / river

This repository is the home of the River reverse proxy application, based on the pingora library from Cloudflare.

Home Page: https://www.memorysafety.org/initiative/reverse-proxy/

Repository from GitHub: https://github.com/memorysafety/river

Feature Request: Let's Encrypt / Certbot integration

jlmanohar opened this issue

It would be great if River had the ability to generate valid certificates with Let's Encrypt in the near future, similar to Nginx Proxy Manager or Traefik.

@jlmanohar this feature is planned: https://github.com/memorysafety/river/blob/main/docs/what-is-it.md#29---certificate-provisioning-and-management

Not sure when it will be prioritized, but it's definitely on the roadmap.

Just wanted to note that support for the ACME protocol is likely to come right after we finish the current chunk of work: https://github.com/memorysafety/river/milestone/3, I'll update if we decide it needs to be bumped up in priority.

ACME protocol support will benefit from a lot of the "pre-requisite" features we'll be doing in this milestone, once those are cleared the path towards supporting ACMEv2 will hopefully be much more direct.

Thank you @jamesmunns, will the ACME be a complete rewrite for River or will it be using the acmed crate? Just curious.

Also, if there are any low-priority / non-critical tasks, I would like to help out. I just recently started with Rust and have an interest in proxies because I self-host.

@jlmanohar re: ACME - not sure yet! If there's something suitable I'll likely use that if possible, but that's part of what I need to evaluate when planning. If you have any other notes on this, feel free to share here!

re: misc topics, I'm still working on scoping and planning for this milestone, I'll likely have some more specific plans later this week. Feel free to chime in on any of the issues if you see something interesting.

https://crates.io/crates/rustls-acme was a crate shown to me that is capable of handling certbot-like behaviors, might potentially be usable, or useful to reference.

Let's Encrypt Client Options: looks like acmed and acme-redirect are mentioned on the client options page at Let's Encrypt and might be worth checking out.

Caddy also has this feature and it's very robust. That implementation might serve as inspiration, but I don't know to what extent as it's written in Go.