
find a way to survive connection failures to Let's Encrypt

Open anarcat opened this issue 2 years ago • 0 comments

one issue with having the dcomms server offline is that they might be cut off from the Let's Encrypt certificate authority and, after a while (< 90 days), their certificates will expire.

renewing certs with Let's Encrypt is pretty hard in difficult network conditions. you not only need to be able to reach them, but they need to reach you, and from multiple vantage points on the internet.

so it might be worth looking at alternatives. some ideas:

  • get a certificate with a longer lifetime, maybe from a commercial provider (Tor uses DigiCert for the web browser signing, Fastly uses GlobalSign, for what that's worth)
  • use a DNS-01 challenge, as DNS has a better chance of getting through censorship and high-latency issues (e.g. it might work better with a satellite uplink)

anarcat, Apr 04 '22 20:04
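To make the two mechanisms in the issue concrete, here is an added example (not code from the issue, dcomms or any ACME client) that does two things with only the Python standard library: it derives the `_acme-challenge` TXT record value for a DNS-01 challenge the way RFC 8555 section 8.4 specifies (key authorization = token + "." + base64url(JWK thumbprint), TXT value = base64url(SHA-256(key authorization))), which is what lets the validation path be "publish one DNS record" rather than "accept inbound HTTPS from several vantage points"; and it classifies how far a certificate is from expiry against a 90-day lifetime and a 30-day renewal window so an offline server can tell whether it has already missed its normal renewal attempts. The account key, token and dates below are constructed sample data, not real Let's Encrypt values.

```python
import base64
import hashlib
import json
from datetime import datetime


def b64url(data: bytes) -> str:
    """Base64url without padding, the encoding ACME (RFC 8555) uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required public members only,
    keys in lexicographic order, no whitespace."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("ascii")).digest())


def key_authorization(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.1: token || '.' || base64url(thumbprint(accountKey))."""
    return f"{token}.{thumbprint}"


def dns01_txt_value(token: str, thumbprint: str) -> str:
    """Value to publish at _acme-challenge.<domain> IN TXT (RFC 8555 section 8.4):
    base64url(SHA-256(keyAuthorization)). Only this record has to be reachable
    by the CA's validators; the server itself never has to accept a connection."""
    digest = hashlib.sha256(key_authorization(token, thumbprint).encode("ascii")).digest()
    return b64url(digest)


def days_until_expiry(not_after_iso: str, now_iso: str) -> float:
    """Days left on a certificate, from ISO 8601 timestamps (negative once expired)."""
    not_after = datetime.fromisoformat(not_after_iso)
    now = datetime.fromisoformat(now_iso)
    return (not_after - now).total_seconds() / 86400


def renewal_state(days_left: float, renew_at_days: int = 30) -> str:
    """'ok' while more than the renewal window remains, 'renew' once inside it
    (the point where an online client would already be trying), 'expired' after."""
    if days_left < 0:
        return "expired"
    if days_left <= renew_at_days:
        return "renew"
    return "ok"


# Constructed sample account key (P-256 JWK with made-up coordinates) and token;
# these are NOT real ACME values, they only exercise the derivation.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "MKBCTNIcKUSDii11ySs3526iDZ8AiTo7Tu6KPAqv7D4",
    "y": "4Etl6SRW2YiLUrN5vfvVHuhp7x8PxltmWWlbbM4IFyM",
    "use": "sig",  # not a required member, so it must not affect the thumbprint
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"


def main() -> None:
    thumb = jwk_thumbprint(SAMPLE_JWK)
    print("account key thumbprint:", thumb)
    print("key authorization:     ", key_authorization(SAMPLE_TOKEN, thumb))
    print("_acme-challenge TXT:   ", dns01_txt_value(SAMPLE_TOKEN, thumb))

    # Constructed dates: a 90-day certificate issued on Apr 4 2022, checked at
    # three points during an outage.
    not_after = "2022-07-03T00:00:00+00:00"
    for now in ("2022-04-04T00:00:00+00:00",
                "2022-06-10T00:00:00+00:00",
                "2022-07-05T00:00:00+00:00"):
        left = days_until_expiry(not_after, now)
        print(f"{now}: {left:6.1f} days left -> {renewal_state(left)}")


if __name__ == "__main__":
    main()
```

The thumbprint deliberately ignores the `use` member, matching RFC 7638, so a client that serialises its whole account key object would compute a different (wrong) record. Operationally, `renewal_state` is the check to alert on: once a cut-off server reports `renew` with the window shrinking, the DNS-01 record can be published from any machine that holds the account key and has DNS write access, which need not be the server that lost connectivity.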