glm-5.1
b11f15d977
Add ACME TLS module with automatic Let's Encrypt certificate provisioning and renewal using rustls-acme 0.12. Each listener creates its own AcmeConfig with domain list, cache directory, and Let's Encrypt directory URL. The ACME state machine runs as a background tokio task per listener, and ResolvesServerCertAcme serves the provisioned certificate. Certificate failure behavior: fail to start without valid cert, continue serving if one exists. TLS-ALPN-01 is the default challenge type with acme-tls/1 ALPN registered. Cipher suites restricted to 4 TLS 1.2 + all TLS 1.3 suites. Also implements manual TLS mode with PEM file loading, SNI-based cert resolution, and shared CryptoProvider with restricted cipher suites.