package letsencrypt-mirage

ACME implementation in OCaml for MirageOS

Sources

letsencrypt-2.0.0.tbz
sha256=9d0d4a3c4d1793137933e645945c262dc6cdcaff8ad6f6630c30ec900423d1c3
sha512=dda4c7cd00ea700aea038bd3245ae51300cf51a1dd56f3afc3928d6f29a680a8a3fa367fa7aef7c6cb1883bb6b235287c12a9263af14be75ba5e4367db17895a

doc/letsencrypt-mirage.http-server/LE_http_server/Make/index.html

Module LE_http_server.Make

Parameters

module Stack : Tcpip.Stack.V4V6

Signature

val get_certificates : yes_my_port_80_is_reachable_and_unused:Stack.t -> production:bool -> LE.configuration -> Http_mirage_client.t -> (Tls.Config.own_cert, [> `Msg of string | `HTTP of LE.Client.error ]) result Lwt.t

get_certificates ~yes_my_port_80_is_reachable_and_unused ~production cfg client tries to resolve the Let's Encrypt challenge by starting an HTTP server on port 80 and answering its requests with ocaml-letsencrypt.

This resolution requires that your domain name (the one requested in the given cfg.hostname) points Let's Encrypt at this HTTP server, so you will probably need to check your DNS configuration.

The client value can be made with Http_mirage_client.Make.connect so that it can issue HTTP requests to Let's Encrypt.

module Paf : sig ... end
val with_lets_encrypt_certificates : ?port:int -> ?alpn_protocols:string list -> Stack.t -> production:bool -> LE.configuration -> Http_mirage_client.t -> (Paf.TLS.flow, Ipaddr.t * int) Alpn.server_handler -> (unit, [> `Msg of string | `HTTP of LE.Client.error ]) result Lwt.t

with_lets_encrypt_certificates ?port ?alpn_protocols stackv4v6 ~production cfg client handler launches 2 servers:

  • An HTTP/1.1 server which handles Let's Encrypt challenges and redirections
  • An ALPN server (which handles HTTP/1.1 and H2 by default; otherwise you can specify protocols via the alpn_protocols argument) which runs the user's request handler

The client value can be made with Http_mirage_client.Make.connect so that it can issue HTTP requests to Let's Encrypt.

Every 80 days, the fiber requests a new certificate from Let's Encrypt and updates the ALPN server with it. The HTTP/1.1 server redirects to the hostname defined in the given cfg.

NOTE: For the alpn_protocols argument, only "h2", "http/1.1" and "http/1.0" are handled. Any other protocols will be ignored! The order of protocols matters. If "h2" is the first one and the client handles the "h2" protocol, server and client agree to use this protocol (even if both handle "http/1.1").

The default value of alpn_protocols prioritises "http/1.1" as the protocol which should be picked by the client.
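The following is an added usage sketch, not code from the letsencrypt-mirage project: a MirageOS unikernel entry point that instantiates LE_http_server.Make with its TCP/IP stack and calls with_lets_encrypt_certificates with an explicit ALPN preference list. The cfg, client and handler values are assumed to be supplied by the caller (the fields of LE.configuration and the shape of Alpn.server_handler are not described on this page), the Main functor name and the start function are hypothetical, and the port 443 and the use of Logs for reporting are choices made here.

```ocaml
(* Added example, not part of letsencrypt-mirage. Assumed/hypothetical:
   the [Main] functor and [start] entry point, the caller-supplied [cfg],
   [client] and [handler] values, port 443 and the [Logs] reporter. *)

open Lwt.Infix

module Main (Stack : Tcpip.Stack.V4V6) = struct
  (* Instantiate the functor documented on this page with the unikernel's stack. *)
  module Le_server = LE_http_server.Make (Stack)

  (* Prefer HTTP/2 when the client offers it. Order matters, and any entry
     other than "h2", "http/1.1" or "http/1.0" is ignored by the server. *)
  let alpn_protocols = [ "h2"; "http/1.1" ]

  (* [cfg]     : LE.configuration whose cfg.hostname resolves (via DNS) to this host
     [client]  : Http_mirage_client.t obtained from Http_mirage_client.Make.connect
     [handler] : the (Paf.TLS.flow, Ipaddr.t * int) Alpn.server_handler of the application
     [production] : false selects the Let's Encrypt staging environment, which is
                    the sensible first run before switching to the production CA. *)
  let start stack ~production cfg client handler =
    Le_server.with_lets_encrypt_certificates
      ~port:443 ~alpn_protocols stack ~production cfg client handler
    >>= function
    | Ok () ->
      (* Only reached if the server loop returns; the 80-day renewal runs inside. *)
      Lwt.return_unit
    | Error (`Msg msg) ->
      Logs.err (fun m -> m "Let's Encrypt setup failed: %s" msg);
      Lwt.return_unit
    | Error (`HTTP _err) ->
      (* [_err] is an LE.Client.error; no printer for it is documented on this page. *)
      Logs.err (fun m -> m "HTTP error while talking to the ACME server");
      Lwt.return_unit
end
```

Both error constructors from the documented result type are matched explicitly so that a failed issuance is logged rather than silently dropped; with production:false the same code path exercises the staging CA first, which avoids consuming production issuance quota while the DNS and port 80 reachability described above are still being verified.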