Until now I only used Jooby at work, creating internal projects for my company which has its on CA, generacting certificates was straightforward.

Now I wan't to create a personal public website with Jooby, SSL enabled. I would like to use Let's Encrypt to obtain free certificates. I never used it acutally, so I've just found how it works. Skip the next paragraph if you already familiar with it..

Let's Encrypt provides certs with short expiration periods (60-90 days), and on each renewal the CA needs to verify that you actually own the domain you want to encrypt. This is done by various challenges, e.g. a file with a special content has to be served via an HTTP request or a special DNS entry has to be made. If the verification succeeds, the cert can be downloaded. For this whole procedure Let's Encrypt uses the Automatic Certificate Management Environment (ACME) protocol, and has a client application which can be integrated with many popular web servers to manage certificate renewal automatically and transparently.

I had a look on how it should be done with java servers, and some suggested one should wrap the service with a proxy e.g. nginx which can be in turn integrated with Let's Encrypt. Is this the commonly used way or best practice?

If nothing against it, I already have thoughts how Let's Encrypt support could be integrated to Jooby via a module (only had a look on Netty as of now):

• server modules should accept a factory for SSL context
• there would be background service that keeps certs up to date usingacme4j, able to perform http challenges without user intervention (this would work for non-wildcard domain certs)
• an SSL context factory would make sure that an always up-to-date (and cached) context is handed over to the server implementation

I would spend time on this if it makes any sense.