Thanks for this awesome project! I've toyed with the idea of implementing Netflix Lemur for years just for the functionality of a LetsEncrypt certificate broker, but this project was WAY easier and more straightforward to implement as an end-to-end solution.
Reading the documentation, I see this statement (https://www.certwarden.com/docs/using_certificates/client/):
On start it fetches the current key and cert from Cert Warden, after which it runs an https server that listens for update payloads from Cert Warden.
Am I understanding this correctly that the server connects back to the client via a separate communications channel to push update notifications to the client so that the client can then connect back to the server for certificate updates?
If this is the case, what happens if that port 5055 (Server to Client) communications pipeline isn't wired up correctly? Does the client ever poll the server for updates as a fallback? In my implementation, I would rather not expose ports on the client, and would rather have the client periodically poll the server for certificate updates. Is this a configurable option? Perhaps if real-time bi-directional push communication is a requirement, a websocket could be established from the client to the server instead?
Thanks again!