GitLab

The websocket server caches its automatic certificates: https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/server/server.go?id=d865b7c252d3a7efd789a84757fc2635b1964921#n309 But the broker does not: https://gitweb.torproject.org/pluggable-transports/snowflake.git/tree/broker/broker.go?id=d865b7c252d3a7efd789a84757fc2635b1964921#n265

In legacy/trac#30509 (moved) the broker exceeded the Let's Encrypt rate limits and couldn't get a new certificate. Implementing a certificate cache will prevent it from happening again.

Once implemented, remember to undo the temporary --cert and --key configuration that was set up in comment:6:ticket:30509. That certificate is good for 1 year.