Automatic Let's Encrypt support

[strugee]

It would be kind of neat if admins could specify a hostname, start pump.io, and automatically get smart HTTPS support. I'm imagining that we would have a configuration parameter called e.g. automaticTLS or managedHTTPS or something like that. When this parameter is flipped on (which we'd do in a semver-major release), pump.io would:

• Automatically acquire and manage a Let's Encrypt certificate.
• Automatically turn on HTTPS support using that certificate.
• Automatically turn on HTTP Strict Transport Security.

Having pump.io automatically manage all aspects of connection security would also let us enable transport security improvements to the entire network at once - for example, once OCSP stapling support lands and stabilizes, we could roll out OCSP Must-Staple to the entire network transparently.

[strugee]

Another obvious benefit of this is zero-downtime certificate rotation.

[jankusanagi]

This would be great =)

[strugee]

So I've been looking into how to do this; we may need to patch Node to add the relevant APIs. Relevant docs for the existing APIs are at https://nodejs.org/api/tls.html#tls_server_addcontext_hostname_context and the relevant source code is at https://github.com/nodejs/node/blob/master/lib/_tls_wrap.js; nodejs/node#4464 is the Node issue tracking this and has some ideas.