I'd like to use ktor as a reverse proxy that can automatically generate letsencrypt certificates and use them to serve content at runtime. Does anyone know of any way to hot swap in new ssl certificates at runtime?

This function is usually the responsibility of a load balancer (like AWS ELB; which automatically keeps certs up to date and has reverse-proxying capabilities). But if you want to make your own, I think the only way to renew certs at runtime is to have an nginx/apache proxy in front of your ktor server. Those servers can integrate with letsEncrypt certbot, which will swap the certs at runtime. Your nginx/apache proxy would be running on port 443, terminating TLS, and forwarding unencrypted traffic to your ktor server. But at this point, if your reverse-proxy logic is simple enough, then nginx/apache could probably perform the reverse-proxying; making the ktor server redundant.

I require special logic during the reverse proxy

Yeah, I should have made it more clear that you can easily run them both on the same container/instance.