Build support for the ACME protocol into IO to automatically provision SSL certificates.
IO supports the ACME protocol, which allows IO ingresses to automatically obtain SSL certificates from LetsEncrypt. Currently only the HTTP-01 challenge method is supported.
Pros#
- This is much easier than getting certificates manually.
- Other ingress proxies also do this, so it’s “table stakes”.
Cons#
- The HTTP-01 challenge requires port 80, which might be a problem for users who want to only expose port 443. Eventually we will probably want to fix this by adding support for TLS-ALPN-01.