Adding HTTPS to our API
HTTPS used to be painful because you had to get your certificate through a CA, pay for it, and renew it every year, and that was far from ideal, especially for small projects. Hence, the situation was that many projects didn’t use HTTPS or they used self-signed certificates, which are not trusted by browsers. But then, Let's Encrypt appeared, and everything changed. Now, you can easily integrate the certificate generation with your application and refresh it when needed without human intervention. The recommended way of using certs is using certbot, but because this is a book about Go, let’s add the code-based way to our example.
First, we will need a certs directory to store the certificates generated by Let's Encrypt. Let’s create it:
$ mkdir certs
Once we have the directory, we modify our main function to use the autocert package to generate the certificates for us. Let’s see how we can do it:
import...
