Make it easy for users to set up a secure site by automatically getting a certificate from Let's Encrypt.
Use something like lego. See comments below. If a user chooses Production, standalone and Secure during the setup process, before asking for the certificate / key paths, ask if the user wants to get a new certificate from Let's Encrypt. If so, do it -- if not, prompt for certificate / key paths.
If a user chooses Production, standalone, the "Web server mode" prompt should have the options:
- Insecure (port 80)
- Secure (port 443), manual
- Secure (port 443), automated
The [server] config section should have a new bool indicating we should use autocert to serve the application instead of the standard server. Something like:
Autocert bool `ini:"autocert"`
If that's true, use the autocert pkg to handle requests.