feat: add tls-hot-reload example

https-tls/hot-reload/README.md

@@ -0,0 +1,63 @@
+# HTTPS Server With TLS Cert/Key Hot Reload
+
+## Usage
+
+All documentation assumes your terminal is in this directly (`cd https-tls/hot-reload`).
+
+### Certificate
+
+We put the self-signed certificate in this directory as an example but your browser would complain that it isn't secure. So we recommend to use [`mkcert`] to trust it. To use local CA, you should run:
+
+```shell
+$ mkcert -install
+```
+
+If you want to generate your own cert/private key file, then run:
+
+```shell
+$ mkcert -key-file key.pem -cert-file cert.pem 127.0.0.1 localhost
+```
+
+### Running The Example Server
+
+```shell
+$ RUST_LOG=info,example=debug cargo run
+Starting HTTPS server at https://localhost:8443
+```
+
+Reload the server by modifying the certificate metadata:
+
+```shell
+$ touch cert.pem
+```
+
+For a deeper inspection, use a tool like [`inspect-cert-chain`] between refreshes of the cert/key files using [`mkcert`] as shown above:
+
+```shell
+$ inspect-cert-chain --host=localhost --port=8443
+...
+Serial Number:
+  06:81:db:16:ff:c4:73:69:73:69:ae:d1:0e:3d:d1:5e
+...
+
+$ mkcert -key-file key.pem -cert-file cert.pem 127.0.0.1 localhost
+...
+
+$ inspect-cert-chain --host=localhost --port=8443
+...
+Serial Number:
+  00:a8:39:e7:aa:2e:73:18:f6:4e:d5:71:1e:c7:21:51:58
+...
+```
+
+Observing a change in the serial number without restarting the server demonstrates that the setup works.
+
+### Client
+
+- [HTTPie]: `http --verify=no :8443`
+- cURL: `curl -v --insecure https://127.0.0.1:8443`
+- Browser: navigate to <https://127.0.0.1:8443>
+
+[`mkcert`]: https://github.com/FiloSottile/mkcert
+[httpie]: https://httpie.io/cli
+[`inspect-cert-chain`]: https://github.com/robjtede/inspect-cert-chain