@willchan noted that it's not possible to use net/http.Server.ListenAndServeTLS with a tls.Config with GetCertificate set, because Server.ListenAndServeTLS only checks len(config.Certificates) and never considers whether GetCertificate is non-nil.
This went unnoticed earlier but now everybody wants to use LetsEncrypt/TLS/http2 and LetsEncrypt gives out very quickly-expiring certificates, so the best way to use them is via tls.Config.GetCertificate.
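One way to serve from a callback-only config without going through ListenAndServeTLS, as an added example that is not part of the original report or of the Go project's code: build the TLS listener directly from the tls.Config with tls.Listen and hand it to Server.Serve, so the len(config.Certificates) check is never reached. The helper names, the example.test host name and the self-signed certificate are constructed for this demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net/http"
	"time"
)

func must[T any](v T, err error) T { // setup helper for the constructed certificate
	if err != nil {
		panic(err)
	}
	return v
}

// serveViaGetCertificate (hypothetical name): tls.Config with only GetCertificate, no Certificates.
func serveViaGetCertificate() (status int, fromCallback bool, err error) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // constructed throwaway key
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Minute),
		NotAfter: time.Now().Add(time.Hour), DNSNames: []string{"example.test"}}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	leaf := must(x509.ParseCertificate(der))
	cert := &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	// A real callback would return whichever certificate is current after renewal.
	cfg := &tls.Config{GetCertificate: func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return cert, nil }}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", cfg) // bypasses ListenAndServeTLS entirely
	if err != nil {
		return 0, false, err
	}
	srv := &http.Server{Handler: http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { fmt.Fprintln(w, "ok") })}
	go srv.Serve(ln)
	defer srv.Close()
	pool := x509.NewCertPool() // the client trusts only the constructed certificate
	pool.AddCert(leaf)
	clientTLS := &tls.Config{RootCAs: pool, ServerName: "example.test"}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: clientTLS}}
	resp, err := client.Get("https://" + ln.Addr().String())
	if err != nil {
		return 0, false, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, resp.TLS.PeerCertificates[0].Equal(leaf), nil
}

func main() { fmt.Println(serveViaGetCertificate()) }
```

The client verifies the certificate against its own pool rather than skipping verification, so a successful request shows the handshake was completed with the certificate returned by the callback.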